Active Administrator 8.6 - Installation Guide

Table 12. Required permissions for the Active Directory Health module
Submodule	Console user account	AFS account
Active Directory Health Landing Page	Must have the Active Administrator Active Directory Health Analyzer role.	Must be a member of the AA_Users group.
Analyzer	Must have the Active Administrator Active Directory Health Analyzer role.	N/A
Alerts	Must have the Active Administrator Active Directory Health Analyzer role. To manage notifications, must have the Active Administrator Active Directory Health Notification Management role.	Must be a member of the AA_Users group. Must have read/write access to the DACache folder in the Active Administrator share.
Agents	To manage agents, must have the Active Administrator Active Directory Health Agent Management role. To manage notifications, must have the Active Administrator Active Directory Health Notification Management role. to manage data collectors, must have the Active Administrator Active Directory Health Data Collector Management role. To manage alerts, must have the Active Administrator Active Directory Health Alert Management role. To manage agents, must have the Active Administrator Active Directory Health Agent Management role.	To install, edit, and remove agents, must be a member of the AA_Admins group and have full control access to the target server. To update alerts and collectors, and to manage notifications, must have read/write access to the DACache folder in the Active Administrator share. NOTE: For the specific permissions required for each data collector, see Appendix A in the Quest® Active Administrator® User Guide or online help.
Troubleshooter	Must have the Active Administrator Active Directory Health Troubleshooter role. To view reports or perform troubleshooting operations, must have WMI remote access enabled and be a member of the Distributed COM users group. To run jobs, must have full control access to the target server.	N/A
Diagnostic Console	To collect performance counter values, must be a member of the local administrator group on the target domain controller.	N/A

Active Administrator Data Services (ADS) requirements

Table 13. Required permissions for Active Administrator Data Services (ADS)
Subsystem	ADS account
Loader	Must be a member of the AA_Users group and have read access to the enterprise.
Data Collectors	See the data collector permissions for forests, domains, and sites in Appendix A of the Quest® Active Administrator® User Guide or online help.
Agent Monitor and Recovery	Must have full access on the server where the Active Directory Health Analyzer agent is installed.

Data collectors requirements

The Active Directory Health module uses the Active Directory Health Analyzer agents to monitor domain controllers and presents data for you to troubleshoot issues. For the Active Directory Health Analyzer agents to acquire the necessary data, certain permissions and access are required for the Active Directory Health Analyzer agent startup account.

To capture all data collectors accessible by the Active Directory Health Analyzer, the startup account for the Active Directory Health Analyzer agent must:

•

have Domain User and domain administrative privileges;

•

be a member of the Distributed COM Users group; and

•

be a member of the Performance Logs Users group.

•

The target server must have WMI remote access enabled.

Auditing & Alerts

For all Active Administrator® modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. The following table lists the specific permission requirements for the Auditing & Alerts module.


	NOTE: To assign roles in Active Administrator, select Configuration \| Role Based Access \| New.

Table 14. Required permissions for the Auditing & Alerts module
Submodule	Console user account	AFS account
Auditing & Alert Landing Page	Must have any of these Active Administrator roles: Audit Report Management, Audit Report Viewer, Alert Editor or Alert Viewer.	Must be a member of the AA_Users group.
Audit Reports	Must have the Active Administrator Report Viewer role to view reports. Must have the Active Administrator Report Management role to manage reports.	Must be a member of the AA_Admins group.
Archives	Must have the Active Administrator Report Viewer role to view reports. Must have the Active Administrator Report Management role to manage reports.	Must be a member of the AA_Admins group.
Agents	Must have the Active Administrator Full Control role.	Must be a member of the AA_Admins group and have full access to the target server. The agent account must have read access to the security log on the target domain controller and be a member of the AA_Admins group.
Auditing Alerts	Must have the Active Administrator Report Viewer role to view alerts and alert history. Must have the Active Administrator Alert Editor role to manage alerts.	Must be a member of the AA_Admins group.
Event Definitions	Must have the Active Administrator Full Control role.	Must be a member of the AA_Admins group.
Archive & Purging	Must have the Active Administrator Full Control role.	Must be a member of the AA_Admins group.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

Veuillez sélectionner votre produit

Afin de mieux répondre à vos besoins, précisez l'objet du tchat:

Solutions recommandées pour votre problème

Active Administrator 8.6 - Installation Guide

Required permissions for Active Directory Health

Active Administrator Data Services (ADS) requirements

Data collectors requirements

Auditing & Alerts