Define credentials for polling across domains

Keep in mind these requirements when you set up your credentials for accessing an AD domain controller outside the local UDT server domain:

  • The UDT user account must be a member of the target domain.
  • The UDT user account must either be a member of the Administrators group on the target domain controller or a limited account with privileges to access the remote security event log and directory service on the remote domain controller. If UDT is using a limited account the account must be a member of these groups:
    • Domain Users
    • Distributed COM Users
    • Event Log Readers
    • Remote Desktop Users (applicable when the UDT server and the domain controller are in a different domain).
  • The domain credentials should also have access to the WMI namespaces listed below:
    • CIMV2
    • directory
    • RSOP

You can use these instructions (© Microsoft 2018, available at, obtained December 19, 2018) to give the account the relevant privileges.

See also: Set up polling of user data across domains.