Running Microsoft Active Directory agent as a non-administrator user
You can run the Log File agent as a non-administrator user.
About this task
You can run the monitoring agent for Active Directory as a non-administrator user; however, Trust Topology attributes and Sysvol Replication attributes might not be available. These attributes are available only to domain users.
To view the Trust Topology attributes, a non-administrator user must have the following registry
permissions:
- Grant full access to the
HKEY_LOCAL_MACHINE\SOFTWARE\Candle directory
. - Grant read access to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Perflib
directory.
To view the Sysvol Replication attributes, a non-administrator user must have full access to the
Sysvol
folder on all domain controllers in a domain.
Important: When Microsoft Active Directory agent
is running as a non-administrator user, some services from the Services attribute group show values
for Current State and Start Type attributes as Unknown on the APM User Interface.
The following table contains the attribute groups for the Active Directory agent that display data for domain users and performance monitoring users.
User right | Attribute group |
---|---|
Domain users |
|
Domain users and performance monitoring users | All attribute groups that are mentioned for the domain users and the following
extra attribute groups:
|
Note: Additionally, the following attribute groups display data for users who are
members of the Administrators group:
- Active Directory Database Information
- Moved or Deleted Organizational Unit
- Password Setting Objects
For information, refer Configuring Microsoft Active Directory monitoring