
What permissions are required by the domain controller agent user on the Domain Controller?


Article ID: 238929


Updated On:


Data Loss Prevention


The domain controller agent queries Windows events in the security event log of the Microsoft Active Directory domain controller. When you install the domain controller agent, you must specify an Active Directory user that the agent uses to query the domain controller.

Domain Admin privileges will work, but many organizations are not comfortable granting such high privileges and want to know which specific permissions the user requires on the Domain Controller.


DLP 15.x


The user needs to be a member of the "Event Log Readers" group on the Domain Controller. This membership only allows the user to read events and does not grant any domain admin privileges.

1. Log in to the Domain Controller that you specified when installing the domain controller agent.
2. On the Domain Controller, open "Active Directory Users and Computers".
3. Go to Builtin > Event Log Readers.
4. Add the user to this group.
5. Once done, wait for some time for the AD changes to be replicated.
6. Restart the Domain Controller Agent service.
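
The same procedure scripted with the ActiveDirectory PowerShell module, with a least-privilege check added. This is an added example, not part of the original article; the account name `svc-dlp-dcagent` and the service name are placeholders to replace with your own values.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
Import-Module ActiveDirectory

# Assumptions (placeholders, not taken from the article):
$AgentUser    = 'svc-dlp-dcagent'          # hypothetical agent account name
$AgentService = '<DC-AGENT-SERVICE-NAME>'  # use the service name shown in services.msc

$user = Get-ADUser -Identity $AgentUser -ErrorAction Stop

# Steps 3-4: add the account to Builtin > Event Log Readers if it is not a member yet.
$readers = Get-ADGroupMember -Identity 'Event Log Readers'
if ($readers.DistinguishedName -notcontains $user.DistinguishedName) {
    Add-ADGroupMember -Identity 'Event Log Readers' -Members $user
    Write-Output "Added $AgentUser to Event Log Readers."
}

# Least-privilege check: warn if the account still holds administrative membership,
# directly or through nested groups.
foreach ($group in 'Domain Admins', 'Administrators') {
    $members = Get-ADGroupMember -Identity $group -Recursive
    if ($members.DistinguishedName -contains $user.DistinguishedName) {
        Write-Warning "$AgentUser is still a member of '$group'."
    }
}

# Step 5: allow time for the change to replicate before continuing.

# Confirm that the account can read the Security log with its own credentials.
$cred = Get-Credential -Credential "$env:USERDOMAIN\$AgentUser"
Get-WinEvent -ComputerName $env:COMPUTERNAME -LogName Security -MaxEvents 1 -Credential $cred |
    Select-Object TimeCreated, Id, ProviderName

# Step 6: restart the agent service so that it logs on with the new group membership.
Restart-Service -Name $AgentService
```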

Additional Information

Installing the domain controller agent to identify users in incidents