Re: Fortiauthenticator settings for Windows Active Directory Domain Authentication
"Can I use the administrator account or should I create another one with some special privileges?"
Best to use a "service account" - one just for your FAC. It can have privileges to add new machines to the domain, and this can be limited to a few machine adds to prevent overuse.
"Shloud I create a Computer account for the Fortiauthenticator"
The AD account you use to join the FAC to the domain should have these permissions, then that will be done automatically. Otherwise you will need to create a new machine object manually.
"if yes it should be member of domain controllers?"
Definitely not. FAC won't "push" any changes to your domain. It just needs the ability to query the domain hierarchy.