V-center Server Credentials - Local vsphere Account or AD ID account ?

I have the following set up in my NBU environment:-

NBU: 7.6.0.1

Master Server: Windows 2008 64bit

v-center Server: 5.5

80% of the clients configured for backup in our environment are VMs.

 

The credential configured for Vmware Vcenter server in our environment is through a vsphere local account (vsphere.local\bkpmaster)

The issue comes up when the password set for this account gets expired every 90 days and all vmware backup starts failing with error code 4239 (Unable to find the virtual machine).

Though our VMware admin says that we can extend the expiration for this local account to 120 days or so, but they can never set this password to never-expire as they dont have any such option.

 

The workaround suggested in this case is to get an AD ID account created for the NetBackup access to this vCenter server in our environment and then, this AD ID account password can be set to never-expire.

 

1) I would like to know what are the implications of this change to the existing Virtual machine backup in our environment ?

2) Is AD ID account would be a better idea than local vcenter account?

 

3) Do we need to have special previleges/permissions other than those in local vcenter account for this new AD ID account?

 

As per NBU for Vmware guide; NetBackup needs access to this vcenter server for either of the following reasons:-

Do we need to have any special privileges in place for an account other than above two ? 

 

4) Also, after creating AD ID account, the only change we need to do is to change the credentials with new AD ID account under "Credentials" => "virtual       machine servers" ?  Or do we need to make changes anywhere else too ?

 

Please guide and suggest further.

 

Many Thanks Folks.