What am I testing against?

Active Directory credentials are used to discover domain controllers. Each credential in the list is used to contact Active Directories for the corresponding domain. Essentially, you should create a separate credential for each domain.

For example, if you define three credentials:

  • alpha.local\administrator
  • beta.local\Joe.Frazier
  • zeta.local\Muhammad.Ali

Each would be used in turn to contact their relevant domain controllers. More specifically, "administrator" would be used to discover domain controllers on "alpha.local"; "Joe.Frazier" would be used to contact domain controllers on "beta.local"; and "Muhammad.Ali" would be used to contact domain controllers on "zeta.local".

For purposes of discovering AD domain controllers, the AD account must be a member of the domain; and for purposes of polling for user login data, the AD account must at least be a member of Event Log Readers if not a group with greater permissions.