Immediately after executing the Active Directory wizard from WinAdmin, you must exit WinAdmin and log in to it again using the Windows service account credentials specified when you initially launched the AD wizard. Once you have logged in, select the new AD ID source and search for the user that you wish to assign rights to.
Note that technically *any* AD user account can be used to log in to the WinAdmin application and perform user searches. However, the WinAdmin application will only let the AD service account credentials assign rights to users.
In this screenshot, I'm logged in as a normal user account. Note that the checkboxes to assign privileges are missing:
Now, I'm logged in with the vedsvc service account specified when I started the AD wizard. Note that the permissions checkboxes are now visible:
So while any AD user can log in to the WinAdmin application, they are unable to assign themselves permissions to gain access to the system. As a best practice, Director administrators should ensure that Domain users do not have logon rights to Director systems, to prevent unauthorized users from using WinAdmin. However, even if these users can access the server, they are still unable to gain administrative access to the Director application itself.