During data collection in Control Compliance Suite (CCS) 11, following error is seen:unable to build domain cache for domain <domain name>
Domain admin credentials were not provided for building domain cache.
In CCS 11 by design of the product, domain admin or equivalent credentials are required to build domain cache. Here is the explanation of why it requires domain admin privileges...
CCS performs deep scanning on Windows Assets, in which it is required to do effective membership analysis for domain users & groups. Apart from this it also reads computer and users information from the domain controller (Active Directory).
To calculate the effective group membership it requires the trusted domain information and trusted domain SID, which is read from the domain controller.
Non domain admin user account does not have the necessary permissions to read this information from the domain and hence a domain admin account is required for this purpose.
CCS does not write anything to the active directory.
Symantec has updated the product to work around and avoid using Domain Administrator credentials. For more information see : Article URL http://www.symantec.com/docs/TECH196631(Control Compliance Suite version 11.0 with SCU 2012-3)