Documentation forHybrid Cloud Observability Essentialsand User Device Tracker

Manage Active Directory credentials

Active Directory credentials are required for the Active Directory domain controllers you add to UDT. These can be set up and edited on the Manage Active Directory Administrator Credentials page, or created when you add a controller.

This topic covers how to add, edit, and delete Active Directory credentials, and the possible scenarios that may result when UDT attempts to validate these credentials.

The domain credential used by UDT for communications with the Domain Controller should have the following permission:

  • Event Log Readers

The domain credentials should also have access to the following WMI namespaces:

  • CIMV2
  • directory
  • RSOP

Add, edit or delete an Active Directory credential

  1. Go to Settings > All Settings, and click UDT Settings in the Product Specific Settings section.
  2. Click Add, Edit or Delete UDT Credentials in the UDT section.
  3. To add a credential:
    1. Click Add UDT Credential.
    2. Enter a name to identify this credential. For example, if this credential were the one that you want UDT to use in retrieving event log data from an Active Directory domain controller, you might call it Event Log Reader.
    3. Enter the User Name (Domain\Username) to use with this credential.

      Whatever account you enter must have permissions on the Active Directory domain controller for the tasks for which UDT would use it. The permission required to access the Event Log is Event Log Reader. See the section on Define credentials for polling across domains if the Active Directory domain controller for which you are setting up UDT credentials resides in a domain outside the domain of the UDT server.

    4. Enter and confirm the password, then click OK.
  4. To edit a credential:
    1. Select the credential, and click Edit Credential.
    2. Amend the User Name and Password as required, and click OK.
  5. To delete a credential.

    You cannot delete a credential if it is currently associated with one or more domain controllers. You can check if a credential is currently assigned by referring to the Assigned to DC(s) column in the credentials list.

    Select the credential, and click Delete.

  6. Click OK to confirm the deletion.

Domain controller configuration validation

Domain controller configuration validation is performed in UDT on the following pages:

  • Add Node
  • Manage Active Directory Domain Controller
  • Device Tracker Discovery

The following scenarios may be encountered.

Event Notification displayed Scenario
WMI service is not running WMI services is not running on the Domain Controller.
WMI service is running but user does not have enough permissions UDT credential does not have rights to the required WMI namespaces (CIMV2, directory and RSOP).
2 connection error If the audit account log-on event is configured to the state "No Auditing" or "Failure" and the UDT credential does not have event log read access.
1 connection error

The audit account log-on event is configured as expected but the UDT credential does not have event log read access, or:

The audit account log-on event is not configured but the UDT credentials have event log read access.

Successful If everything is set up as expected.
Test Failed If the supplied credentials are wrong.