Chat now with support
Chat with Support

Active Administrator 8.7 - Installation Guide

Installation Considerations for Active Administrator Installing and configuring Active Administrator Appendix: Active Administrator Server Manager

Auditing & Alerts

For all Active Administrator modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. The following table lists the specific permission requirements for the Auditing & Alerts module.

NOTE: To assign roles in Active Administrator, select Configuration | Role Based Access | New.

Auditing & Alert Landing Page

Must have any of these Active Administrator roles: Audit Report Management, Audit Report Viewer, Alert Editor or Alert Viewer.

Must be a member of the AA_Users group.

Audit Reports

Must have the Active Administrator Report Viewer role to view reports.

Must have the Active Administrator Report Management role to manage reports.

Must be a member of the AA_Admins group.

Archives

Must have the Active Administrator Report Viewer role to view reports.

Must have the Active Administrator Report Management role to manage reports.

Must be a member of the AA_Admins group.

Agents

Must have the Active Administrator Full Control role.

Must be a member of the AA_Admins group and have full access to the target server.

The agent account must have read access to the security log on the target domain controller and be a member of the AA_Admins group.

Auditing Alerts

Must have the Active Administrator Report Viewer role to view alerts and alert history.

Must have the Active Administrator Alert Editor role to manage alerts.

Must be a member of the AA_Admins group.

Event Definitions

Must have the Active Administrator Full Control role.

Must be a member of the AA_Admins group.

Archive & Purging

Must have the Active Administrator Full Control role.

Must be a member of the AA_Admins group.

Group Policy

For all Active Administrator modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. The following table lists the specific permission requirements for the Group Policy module.

NOTE: To assign roles in Active Administrator, select Configuration | Role Based Access | New.

Group Policy Landing Page

Must have one of these Active Administrator roles: Group Policy Object Management, Group Policy History, or Group Policy Repository.

Must have read access to all group policies objects in the selected domains.

Must have read access to the GPORepository, GPOBackups, and RSOPPlanning folders in the Active Administrator share.

Group Policy Objects

Must have the Active Administrator Group Policy Management role.

To view GPOs, must have read access to all GPO objects in the selected domain.

To create, edit, or delete GPOs, must have the appropriate permissions on the selected GPO.

To link or unlink a GPO, must have the appropriate permissions on the target.

To backup GPOs, must have read access to the selected GPO and read/write access to the GPOBackup folder in the Active Administrator share.

To add to the repository, must have full control access to the selected GPO, including SysVol and the System/Policies in Active Directory®. Must also have read/write access to the GPORepository folder in the Active Administrator share.

Group Policy by Container

Must have the Active Administrator Group Policy Management role.

To view GPOs and GPO modeling, must have read access to all GPO objects in the selected domain.

To create, edit, delete, block, and unblock GPOs, must have the appropriate permissions on the selected GPO.

To link, unlink, or change link order, must have the appropriate permissions on the target.

To create a new OU, must have the appropriate permissions in the selected OU.

N/A

GPO Settings Search

Must have the Active Administrator Group Policy Management role.

Must have read access to the GPOBackup, GPOCache, GPORepository, and GPOHistory folders in the Active Administrator share.

Must have read access to the all of the GPOs in the managed domains.

GPO History

Must have the Active Administrator Group Policy History role.

Must have read/write access to the GPOHistory folder in the Active Administrator share and read access to all GPOs in the managed domains.

To rollback GPOs, must have full control on the selected GPO.

GPO Repository

Must have the Active Administrator Group Policy Repository role.

To add, edit, remove, check out, check in, or discard, must have full control access to the selected GPO including the SysVol and the System/Policies in Active Directory®.

Must have read/write access to the GPORepository folder in the Active Administrator share.

GPO Modeling

Must have the Active Administrator Group Policy Management role.

Must have read access to the entire directory to run the simulation.

Must have read/write access to the RSOPPlanning folder in the Active Administrator share.

GPO Backup

Must have the Active Administrator Group Policy Management role.

Must have read/write access to the GPOBackup folder in the Active Administrator share.

Must have read access to the selected GPO.

Client-side troubleshooting

Must have the Active Administrator Group Policy Management role.

Must have full access to the target computer.

N/A

Purge GPO History

Must have the Active Administrator Full Control role.

Must have read/write access to the GPOHistory folder in the Active Administrator share.

Active Directory Recovery

For all Active Administrator modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. The following table lists the specific permission requirements for the Active Directory Recovery module.

NOTE: To assign roles in Active Administrator, select Configuration | Role Based Access | New.

Recovery Landing Pages

Must have the Active Administrator Recovery role.

Must be a member of the AA_Users group.

Object Recovery

Must have the Active Administrator Recovery role.

Must be a member of Domain Admins or Enterprise Admins group.

To perform a restore, must have full access to the target and read access to the ADBackups folder in the Active Administrator share.

Must have read/write access to the ADBackups folder.

Must have read access to the entire domain.

Purge AD Backups

Must have the Active Administrator Recovery role.

Must be a member of the AA_Users group.

Must have read/write access to the ADBackups folder in the Active Administrator share.

Active Directory Infrastructure Landing Page

Must have any of these Active Administrator roles: Site Management or Trust Management.

User must have read access to the entire forest.

Must be a member of the AA_Users group.

Active Directory Sites

Must have the Active Administrator Site Management role.

Must have read access to view all sites, subnets and site links in the forest.

To create, edit or delete sites, subnets and site links, must have enterprise access.

N/A

Replication Monitoring

Must have the Active Administrator Site Management role.

Must be a member of the AA_Admins group.

Must have read access to the entire forest.

Replication Analyzer

Must have the Active Administrator Site Management role.

Must have read access to the entire forest.

N/A

Active Directory Trust

Must have the Active Administrator Trust Management role.

To view trusts, must have read access to the entire forest.

To add, edit, or delete trusts, must have the appropriate permissions in the target domain.

N/A

DC Management

For all Active Administrator modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. The following table lists the specific permission requirements for the DC Management module.

NOTE: To assign roles in Active Administrator, select Configuration | Role Based Access | New.

DC Management Landing Page

Must have the Active Administrator Domain Controller Management role.

Must have read access to the selected domain controller.

N/A

DC Status

Must have the Active Administrator Domain Controller Management role.

Must have read access to the selected domain controller, have WMI remote access enabled, and must be a member of the Distributed COM users group.

N/A

DC Services

Must have the Active Administrator Domain Controller Management role.

Must have full control on the selected domain controller.

N/A

DC Performance

Must have the Active Administrator Domain Controller Management role.

Must have read access to the selected domain controller and be a member of the Performance Log Users group.

N/A

DC Event Logs

Must have the Active Administrator Domain Controller Management role.

Must have read access to the selected event log on the selected domain controller.

N/A

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating