Manage Active Directory credentials
Active Directory credentials are required for the Active Directory domain controllers you add to UDT. These can be set up and edited on the Manage Active Directory Administrator Credentials page, or created when you add a controller.
This topic covers how to add, edit, and delete Active Directory credentials, and the possible scenarios that may result when UDT attempts to validate these credentials.
The domain credential used by UDT for communications with the Domain Controller should have the following permission:
- Event Log Readers
The domain credentials should also have access to the following WMI namespaces:
Add, edit or delete an Active Directory credential
- Go to Settings > All Settings, and click UDT Settings in the Product Specific Settings section.
- Click Add, Edit or Delete UDT Credentials in the UDT section.
- To add a credential:
- Click Add UDT Credential.
- Enter a name to identify this credential. For example, if this credential were the one that you want UDT to use in retrieving event log data from an Active Directory domain controller, you might call it Event Log Reader.
- Enter the User Name (Domain\Username) to use with this credential.
Whatever account you enter must have permissions on the Active Directory domain controller for the tasks for which UDT would use it. The permission required to access the Event Log is Event Log Reader. See the section on Define credentials for polling across domains if the Active Directory domain controller for which you are setting up UDT credentials resides in a domain outside the domain of the UDT server.
- Enter and confirm the password, then click OK.
- To edit a credential:
- Select the credential, and click Edit Credential.
- Amend the User Name and Password as required, and click OK.
- To delete a credential.
You cannot delete a credential if it is currently associated with one or more domain controllers. You can check if a credential is currently assigned by referring to the Assigned to DC(s) column in the credentials list.
Select the credential, and click Delete.
- Click OK to confirm the deletion.
Domain controller configuration validation
Domain controller configuration validation is performed in UDT on the following pages:
- Add Node
- Manage Active Directory Domain Controller
- Device Tracker Discovery
The following scenarios may be encountered.
|Event Notification displayed||Scenario|
||WMI services is not running on the Domain Controller.|
||UDT credential does not have rights to the required WMI namespaces (CIMV2, directory and RSOP).|
||If the audit account log-on event is configured to the state "No Auditing" or "Failure" and the UDT credential does not have event log read access.|
The audit account log-on event is configured as expected but the UDT credential does not have event log read access, or:
The audit account log-on event is not configured but the UDT credentials have event log read access.
||If everything is set up as expected.|
||If the supplied credentials are wrong.|