12 Replies Latest reply on Feb 27, 2013 4:08 PM by amritbabu

    Active Directory Credentials

    rickg

      I installed UDT V2.0 RC and I reached a point where I entered the AD credentials that I thought might work, but they failed.

       Exactly what rights, privileges, or access does this account need to have in order for UDT to pull the user information?

      I tried to use the embedded link on the page that should have taken me to the answer, but it took me to a generic page of marketing material.

       Can we get the link fixed or, even better, can someone tell me what we need? The download didn't contain any documentation.

      Rick

        • Re: Active Directory Credentials
          Bedrich.Michalek

          The account must be a member of the "Event Log Readers" group (Windows 2k8) or at least have access to the Security log. If possible, try some admin account to see if you are able to pull the data from the domain controller. If that works, change to the account with restricted rights.

          I'll also take a look at the help link.

          Bedrich

          • Re: Active Directory Credentials
            chronos

            Rickg, you have to do the following:

            - Create some account which you will use to access logs

            - Make this account member of AD Builtin group "Event Log Readers"

            - Ensure that this setting is replicated to target DC (which you will use for test)

            - Enable 3 rules at Windows firewall on domain controller with names starting with "Remote event log management"

            - Try to use this account from within UDT. It should work instantly

            You can use mmc with the Event Viewer snap-in to test whether your new account has the rights and ability to read the Security log on the target DC. If you cannot access the log remotely using Event Viewer, it is pointless to try to set up UDT. I spent many hours trying to set up UDT just because I forgot to open the firewall, and it is not stated in the UDT documentation...

            If you don't open the firewall, then UDT behavior depends on the setup of your account. If you use just a regular user account which is a member of "Event Log Readers", then this account will be refused as soon as you test it in node configuration. If you use a domain admin account, then it will pass the test (after 10-20 seconds) but log reading will not work, and you may find "RPC Unavailable" messages in the UDT jobs log.

            • Re: Active Directory Credentials
              amritbabu

              So here is the fix guys:

              If you are seeing an issue where AD is polling, and you do not receive user information from Domain Controllers, the issue could be that UDT is not seeing the correct event codes.

              UDT searches for 4768/4769. Oftentimes, if you see the AD server publishing event codes of 4624/4634 or any other codes, you might want to ensure that you enable Kerberos auditing. Upon enabling this, you should then be able to see the user logins.

              1) Run Group Policy Management Editor on the domain controller, and navigate to the following node:

              Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy. Once you expand the node, you will see a list of possible audit categories you can configure:

              (screenshot: pic 1.png)

              2) Make sure "Audit account logon events" and "Audit logon events" are defined.


              3) In some environments, it may be necessary to configure the Kerberos Authentication Service audit. Go to Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon, and make sure the two items containing "Kerberos" are defined.

              (screenshot: pic2.png)


              4) Make sure the Event Log on the domain controller that is being monitored by UDT is not full and new events can be added (overwriting old events is not forbidden).

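The prerequisites listed in chronos's reply and the audit settings in amritbabu's reply can be checked from one script. This is an added example, not code from the thread or from SolarWinds; it assumes a Windows Server 2012 or later DC (for Get-NetFirewallRule), WinRM reachable on the DC, the RSAT ActiveDirectory module on the machine you run it from, and placeholder names `DC01.example.local` and `svc-udt` for the DC and the collector account.

```powershell
# Added example: verify the UDT collector account prerequisites described in the thread.
# Assumptions: Server 2012+ DC, WinRM enabled, RSAT AD module installed locally.
param(
    [string]$DomainController = 'DC01.example.local',   # placeholder: target DC
    [string]$AccountName      = 'svc-udt'               # placeholder: collector account
)

Import-Module ActiveDirectory

# 1. Account must be a member of the Builtin "Event Log Readers" group (directly or nested).
$members = Get-ADGroupMember -Identity 'Event Log Readers' -Recursive -Server $DomainController |
           Select-Object -ExpandProperty SamAccountName
"Event Log Readers membership for ${AccountName}: $($members -contains $AccountName)"

# 2. Firewall rules in the 'Remote Event Log Management' group must be enabled on the DC,
#    and the two Kerberos audit subcategories must be set (they produce 4768/4769).
$remote = Invoke-Command -ComputerName $DomainController -ScriptBlock {
    [pscustomobject]@{
        FirewallRules = Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' |
                        Select-Object DisplayName, Enabled, Profile
        AuditPolicy   = auditpol /get /subcategory:"Kerberos Authentication Service" 2>&1
        AuditPolicy2  = auditpol /get /subcategory:"Kerberos Service Ticket Operations" 2>&1
    }
}
$remote.FirewallRules | Format-Table -AutoSize
$remote.AuditPolicy; $remote.AuditPolicy2

# 3. Same test as the MMC Event Viewer check: can the Security log be read remotely at all?
try {
    $newest = Get-WinEvent -ComputerName $DomainController -LogName Security -MaxEvents 1 -ErrorAction Stop
    "Remote read of Security log OK, newest record: $($newest.TimeCreated)"
} catch {
    # An RPC error here usually means the firewall rules above are still disabled.
    "Remote read of Security log FAILED: $($_.Exception.Message)"
}

# 4. Are Kerberos ticket events (4768/4769), the ones UDT looks for, actually being written?
$since = (Get-Date).AddHours(-1)
$kerb  = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName = 'Security'; Id = 4768, 4769; StartTime = $since
} -ErrorAction SilentlyContinue
"Kerberos events 4768/4769 on $DomainController in the last hour: $(@($kerb).Count)"
```

Run it as the candidate collector account so step 3 exercises that account's own rights; a zero count in step 4 with audit policy showing "No Auditing" points at the GPO settings from the reply above rather than at UDT.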