Privileges needed to read from an AD security log

    Question

  • Hey Folks,

    My company has developed software (X) in which the Domain Admin account is needed to integrate AD with X's AD connector in order to map user IPs to user names. Now our customers are wondering why this AD connector needs a domain admin account to do so, since it only needs to READ from the successful audit logs. Can you give me some hints, please? I really need to know the possible logic the very first developers might have come up with to design the AD connector in such a way.

    Sunday, February 26, 2017 2:36 AM

All replies

  • May be able to make use of the Event Log Readers group

    https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Todd Heron Sunday, February 26, 2017 3:13 AM
    Sunday, February 26, 2017 2:55 AM
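
The Event Log Readers suggestion above, as an added example that is not part of the original thread or of product X: a dedicated account is placed in the built-in group and then reads successful logon events (event ID 4624) from a domain controller's Security log to build a user-to-IP mapping. The account name `svc-adconnector` and the host name `DC01` are hypothetical placeholders.

```powershell
# Added example; svc-adconnector and DC01 are hypothetical names.
$ServiceAccount   = 'svc-adconnector'   # low-privilege account for the connector
$DomainController = 'DC01'              # domain controller whose Security log is read

# --- One-time setup, run by an administrator ---------------------------------
# Add-ADGroupMember / Get-ADGroupMember come from the ActiveDirectory module.
# Membership in Event Log Readers grants read access to the event logs on
# domain controllers, so the connector does not need Domain Admins.
Add-ADGroupMember -Identity 'Event Log Readers' -Members $ServiceAccount
Get-ADGroupMember -Identity 'Event Log Readers' |
    Select-Object Name, SamAccountName

# --- Recurring read, run as the service account ------------------------------
# Event ID 4624 = "An account was successfully logged on".
$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddMinutes(-15)
}

Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter |
    ForEach-Object {
        # Index the named EventData fields of this event.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Skip computer accounts (name ends in $) and events with no
        # usable source address (local or unrecorded).
        $ip = $data['IpAddress']
        if ($data['TargetUserName'] -notlike '*$' -and
            $ip -notin @($null, '', '-', '::1', '127.0.0.1')) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                IpAddress = $ip
                LogonType = $data['LogonType']
            }
        }
    }
```

The account has to start a new logon session after being added to the group before the membership takes effect.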
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    And if the replies above are helpful, we would appreciate it if you marked them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    We appreciate your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 3, 2017 6:46 AM
    Moderator