After installing the 3.2 Windows Proxy on the primary Domain Controller, the PAM Proxy service's Log On credentials were changed to a domain user and the service was then started. In this case [email protected] was used, after making sure that the user was in the Domain Admin Group.
With the proxy running with the domain credentials specified, it will be possible to configure PAM to manage a domain account. First enable the Windows Proxy:
Next configure the devices for the domain:
Next create a target application using the Windows Proxy application type.
Configure a Target Account using the Target Application just configured.
If no problems are encountered, the account will show as in sync. If it does not work, set the Tomcat Log Level = Info on the Config --> Diagnostics page and then duplicate the problem. After duplicating the problem, search the Tomcat Log for messages related to it.
Management of Local Accounts on a domain member is similar. It requires creating another Windows Proxy Target Application, this one specifying Local Account for the Account Type.
It will also be necessary to add the user specified as the PAM Proxy service Log On user to the Administrators group of the Domain member whose local users are to be managed. This is done on the Domain member using Computer Management.
Once the Proxy Login user is added to the Administrators group on the Domain member it will be possible to add Local Accounts on that server to PAM and put them in sync.
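The two prerequisites above (the proxy service's Log On account, and that account's membership in the local Administrators group on the domain member) can be checked from PowerShell before troubleshooting in the Tomcat Log. This script is an added example, not part of the original article or the product; the account name and the service display-name pattern are assumptions to replace with your own values.

```powershell
# Added example. Run with -Role ProxyHost on the machine running the proxy,
# or with -Role DomainMember on the server whose local accounts are managed.
param(
    [Parameter(Mandatory)][string]$ProxyAccount,   # placeholder, e.g. 'EXAMPLE\svc-pamproxy' (constructed)
    [string]$ServicePattern = '*PAM*Proxy*',       # assumed display-name pattern, adjust as needed
    [ValidateSet('ProxyHost', 'DomainMember')][string]$Role = 'DomainMember'
)

# Reduce 'DOMAIN\user' or 'user@domain' to the bare, lower-case user name.
function Get-BareName([string]$Name) {
    ($Name -replace '^.*\\', '' -replace '@.*$', '').ToLowerInvariant()
}

if ($Role -eq 'ProxyHost') {
    # Report which account each matching service actually logs on as.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $ServicePattern }
    if (-not $services) {
        Write-Warning "No service display name matches '$ServicePattern'."
        return
    }
    foreach ($s in $services) {
        [pscustomobject]@{
            Service    = $s.DisplayName
            State      = $s.State
            LogOnAs    = $s.StartName
            AsExpected = (Get-BareName $s.StartName) -eq (Get-BareName $ProxyAccount)
        }
    }
}
else {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on non-English systems.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    # Direct membership only: access inherited through a nested group is not expanded.
    # $ProxyAccount must be in DOMAIN\user form to match the Name property.
    $direct = $members | Where-Object { $_.Name -eq $ProxyAccount }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Account      = $ProxyAccount
        DirectMember = [bool]$direct
        GroupMembers = ($members.Name -join '; ')
    }
}
```

The `GroupMembers` column also gives a quick view of every other principal holding local administrator rights on the member server.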