Services and Functionality:
The Domain Administrator account provides the necessary permissions for the various Active Administrator services to operate properly.
When choosing an account, keep these requirements in mind:
• Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group.
• Active Administrator Advanced Auditing runs as the Local System account, regardless of the user account configured for the Active Administrator Agent service.
• Active Administrator Agent also can run under a domain user account provided it is either a local admin account, which gives it the rights to log on as a service, log on locally and manage auditing and security log, or these privileges can be granted individually. This user or service account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings during the initial database creation were modified and it can be found under the Users container object of Active Directory.
• Active Administrator Notification service needs to have access to the database.
On the database server, the database installation creates two local groups that control access to the audit database.
• AA_Admin group = users that need to be able to update the database
• AA_User group = users that only need to run reports from the database