What permissions are required by the domain controller agent user on the Domain Controller?
Article ID: 238929
Updated On: 04-13-2022
Products
Issue/Introduction
The domain controller agent queries Windows Events in the Microsoft Active Directory security event log of the domain controller. When installing the domain controller agent we have to mention an Active Directory user that the domain controller agent uses to query the domain controller.
Domain Admin privileges will work but many organizations are not comfortable giving such high privileges and want to know what specific permissions are required for the user on the Domain Controller?
Environment
DLP 15.x
Resolution
The user needs to be part of the "Event Log Readers" group on the Domain Controller. This will only allow the user to read the events and not have any domain admin privileges.
1. Log in to Domain Controller which you specified when installing the domain controller agent
2. On the Domain Controller, open "Active Directory Users and Computers"
3. Go to Builtin > Event Log Readers.
4. Add the user to this group.
5. Once done wait for some time for the AD changes to be replicated.
6. Restart the Domain Controller Agent service.
Additional Information
Feedback
