Set up polling of user data across domains

Enabling UDT to poll user data, essentially by retrieving event log data, on an AD domain controller outside the local domain of the UDT server requires setup both in UDT and the AD domain controller. UDT supports the following methods for getting event log data from another domain:

Eventing6 This is the preferred method, and depends on the AD domain controller running Windows Server 2008 or later.
WMI

This method is supported across Windows platforms

UDT collects user information through a scheduled job (REL).

Define credentials for polling across domains

For purposes of retrieving user log data from AD domain controllers, the AD account that UDT uses must be a member of the relevant domain must at least be a member of Event Log Readers if not a group with greater permissions.

See Securing a Remote WMI Connection (© Microsoft 2018, available from https://docs.microsoft.com, obtained 12/18/2018) for instructions to make the account a member of Event Log Readers and make it capable of accessing relevant WMI namespaces.

Keep in mind these requirements when you set up your credentials for accessing an AD domain controller outside the local UDT server domain:

  • The UDT user account must be a member of the target domain.
  • The UDT user account must either be a member of the Administrators group on the target domain controller or a limited account with privileges to access the remote security event log and directory service on the remote domain controller. If UDT is using a limited account the account must be a member of these groups:
    • Domain Users
    • Distributed COM Users
    • Event Log Readers
    • Remote Desktop Users
  • The domain credentials should also have access to the following WMI namespaces:
    • CIMV2
    • directory
    • RSOP

For information on setting namespace security, see Setting Namespace Security with the WMI Control ( © Microsoft 2018, available from https://docs.microsoft.com, obtained 12/18/2018).