Documentation forHybrid Cloud Observability Essentialsand User Device Tracker

Define credentials for polling across domains

Keep in mind these requirements when you set up your credentials for accessing an AD domain controller outside the local UDT server domain:

  • The UDT user account must be a member of the target domain.
  • The UDT user account must either be a member of the Administrators group on the target domain controller or a limited account with privileges to access the remote security event log and directory service on the remote domain controller. If UDT is using a limited account the account must be a member of these groups:
    • Domain Users
    • Distributed COM Users
    • Event Log Readers
    • Remote Desktop Users (applicable when the UDT server and the domain controller are in a different domain).
  • The domain credentials should also have access to the WMI namespaces listed below:
    • CIMV2
    • directory
    • RSOP

You can use these instructions (© Microsoft 2018, available at, obtained December 19, 2018) to give the account the relevant privileges.

See also: Set up polling of user data across domains.