does the service account that scan domain controllers need to have Domain access permission?

Go to solution
skhan
Tera Contributor

‎06-08-2022 06:12 AM

Do we need the service account that scan domain controllers to have domain access permission? can they still be discovered if we just give them regular admin not domain access? is there a documentation for it?

Labels:
0 Helpfuls
  • 854 Views
1 ACCEPTED SOLUTION

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee

‎06-08-2022 04:21 PM

Yes, when discovering Domain Controllers you must have a domain admin account. You have options including utilizing JEA and/or using the Agent Client Collector

View solution in original post

3 REPLIES 3

Go to solution
doug_schulze
ServiceNow Employee
ServiceNow Employee

‎06-08-2022 04:21 PM

Yes, when discovering Domain Controllers you must have a domain admin account. You have options including utilizing JEA and/or using the Agent Client Collector

Go to solution
skhan
Tera Contributor
In response to doug_schulze

‎06-09-2022 01:17 PM

Thank You Doug!

0 Helpfuls

Go to solution
SELECT Username
ServiceNow Employee
ServiceNow Employee
In response to skhan

‎06-13-2022 12:29 PM

Doug is correct.

Domain Controllers are special.  They don't actually have a local admin account like other services.  The local administrator account goes away when they're promoted to a DC.  That's a Microsoft item not a ServiceNow limitation:


https://social.technet.microsoft.com/Forums/en-US/b095b851-d2e7-4dd3-9678-f50088debe59/how-to-access-local-administrator-account-on-domain-controller?forum=windowsserver2008r2general

0 Helpfuls