The following versions of Microsoft® System Center Operations Manager are supported.
NOTE: All ports need to be open (incoming/outgoing) with the exception of the Workstation Logon agent which only needs to be outgoing on the workstation's firewall and incoming on the Active Administrator® Server. Figure 1 displays an example of how communication is achieved through the specified ports. |
• |
• |
• |
• |
IMPORTANT: It is recommended that you only use the Web Console internal to the network. If you want to use the Web Console externally, use HyperText Transfer Protocol Secure (HTTPS) by enabling Secure Sockets Layer (SSL). You need to select a certificate, which must be installed in the Personal or My store on the local computer. The default port is 9443. See the Web Console User Guide for more instructions on configuring the Web Server. |
• |
To install Active Administrator®, a user must hold administrative rights on the local system and the SQL instance that will host the Active Administrator database. |
Active Administrator® can restore passwords when you restore accounts that were deleted. To enable password recovery, a minor modification is made to the Schema. To be able to modify the Schema, you must use an account that is a member of the Schema Admins group.
The Domain Administrator account provides the necessary permissions for the various Active Administrator® services to operate properly.
When choosing an account, keep these requirements in mind:
• |
Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. For more detailed permission requirements, see Active Administrator module requirements. |
• |
Active Administrator Data Services (ADS) requires an account that is a member of the AA_Users group, has read access to the enterprise, and has full access on the server where the Active Directory Health Analyzer agent is installed. For more detailed permission requirements, see Active Administrator Data Services (ADS) requirements. |
2 |
Use Group Policy Management console (GPMC) to edit the Default Domain Controller Group Policy Object. Give the user account User Rights to Manage auditing and security log. |
3 |
On the target domain controllers, give the user account Read permission to the registry key: HKLM\System\CurrentControlSet\Services\Eventlog\Security. |
4 |
NOTE: For more detailed instructions, see https://support.quest.com/active-administrator/kb/209446/how-to-configure-a-non-domain-admin-audit-agent-service-account. |
© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy