What is the purpose of the Override account used by Secure Password Administrator? (NETIQKB50352)

What is the purpose of the Override account used by Secure Password Administrator?

Can I use an Override account instead of the SPA service account?

 You can specify an account within the domain of the Directory and Resource Administrator (DRA) Administration server to add to the SPA Admins Assistant Admin (AA) group, or you can use a SPA Override account that is already a member of the group. Some examples that require you to use a SPA Override account are:

• Wanting to take advantage of the SPA Users from All Managed and Trusted Domains ActiveView as a means to exclude accounts from SPA management.
• Installing the SPA Web server on a computer that is neither managed by DRA nor trusted by the domain in which the DRA Administration server resides.
• Running the SPA service account under local account credentials.
• Conforming to policies limiting the number of powerful accounts with far reaching access in your network.

The Secure Password Administrator (SPA) override account is used to access and execute password change and account unlock requests.

Formerly known as NETIQKB50352