Set up polling of user data across domains
Enabling UDT to poll user data, essentially by retrieving event log data, on an AD domain controller outside the local domain of the UDT server requires setup both in UDT and the AD domain controller. UDT supports the following methods for getting event log data from another domain:
|Eventing6||This is the preferred method, and depends on the AD domain controller running Windows Server 2008 or later.|
This method is supported across Windows platforms
UDT collects user information through a scheduled job (REL).
Define credentials for polling across domains
For purposes of retrieving user log data from AD domain controllers, the AD account that UDT uses must be a member of the relevant domain must at least be a member of Event Log Readers if not a group with greater permissions.
See Securing a Remote WMI Connection (© Microsoft 2018, available from https://docs.microsoft.com, obtained 12/18/2018) for instructions to make the account a member of Event Log Readers and make it capable of accessing relevant WMI namespaces.
Keep in mind these requirements when you set up your credentials for accessing an AD domain controller outside the local UDT server domain:
- The UDT user account must be a member of the target domain.
- The UDT user account must either be a member of the Administrators group on the target domain controller or a limited account with privileges to access the remote security event log and directory service on the remote domain controller. If UDT is using a limited account the account must be a member of these groups:
- Domain Users
- Distributed COM Users
- Event Log Readers
- Remote Desktop Users
- The domain credentials should also have access to the following WMI namespaces: