This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Active Directory extended monitoring user setup

rseibert1
Contributor

‎14 Feb 2025 06:01 PM - last edited on ‎17 Feb 2025 09:27 AM by Community Team

I have enabled the regular Active Directory extension, now users want the extra metrics provided by the extended version.

The only information I can find about the user needed for this extension is below:

When enabling this extension, you will be prompted for

  • User name and password to a Windows account
    • Able to logon locally
    • The account requires KEY_READ permission to read registry keys from HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    • The account requires permission to locally execute PowerShell cmdlets on the AD server
    • If collecting DHCP scope metrics, the user must be part of the DHCP Users group
    • Note that the account doesn't have to be the local account on an AD server. It can be domain account, but it requires local server privileges (registry key read, PS cmdlet run). 
    •  
    • I am told this text is misleading for Domain Controllers. Is there any more documentation on what is needed for this user, it sounds like the AD team are concerned this requires admin privilege's?
Labels:
0 Kudos
Reply
0 REPLIES 0
Ask a question

Featured Posts