Thank you for your feedback, it is great you like the tool. As for the issue you have, can you actually add more details to "I'm unable to use this tool unless I run it as domain administrator"? What issues you experience when the tool si not running as admin?
Again, this is a great tool. I have four DCs. After I got it to work, I was able to notice that I had a ton of event errors on my two remote site DCs. Apparently GPO regarding Windows firewall was not being applied correctly and these DCs were rejecting some LDAP requests on 389. I was able to resolve this issue due to your tool.
Again I'm running 2008R2 SP1 as my workstation. All of my servers are 2008R2 SP1 running on vSphere 4.1 or 5. When I first installed the tool and launched it, I was not able to add any servers. I then exited, right clicked and choose to "Run as Administrator" (the local machine Admin) but it still wouldn't work. Finally I decided to "Run As another User" and entered my domain admin username and password. That worked. Allowed me to enter four DCs and download events.
After I used the tool to resolve the large number of error events I was seeing on my two remote DCs I left it running overnight. The next morning when I came in, the application had crashed.
I screenshot the errors, but I apparently didn't save them sorry. I attempted to re-launce the app as Domain Administrator and it brought up events from my first DC but didn't show the other three. I attempted to re-add them but it said they already existed? So I quit and waited until this AM.
This AM I attempted to launch it by choosing to "Run as Administrator" and this time I was able to add all for DCs and it is again working. I have no idea what changed and I have not rebooted my workstation. Happy at this point and I'll updated if I see anything else regarding stability.
Thank you for the information. When the application crashes down, its settings are not saved and may actually be corrupted. That is most likely why you could not add the servers.
As for the crash, the application does not store the event data in a database, it holds everything in memory. Since it reads the history one month back, it may be a lot of data and therefore a lot of required memory. If you want to monitor only the new events without reading the events a month back, you may disable this in the configuration file: Navigate to EventLogConsolidator.exe.config file in the installation folder. Open it in notepad, and look for
<setting name="IsHistoryEnabled" serializeAs="String">
Change the "True" to "False" and restart the application. It will read data only one hour back and it will monitor the incoming events.
As for the "domain admin" issue, we have no idea what could cause this requirement. It seems like there would be a policy that would prevent the application from impersonating the domain account you type in, but it is not very likely.