I am trying to use ad_replication.bat to monitor Active Directory in my settings, I see the instructions in the plugin:
REM * Normally the Check_MK agent runs as sevice with local system
REM * credentials which are not enough for this check.
REM *
REM * To solve this problem you can do e.g. the following:
REM *
REM * - Change the account the service is being started with to a
REM * domain user account with enough permissions on the DC.
And my questions are:
1.- What type of permissions does the domain account need in the DC?
2.- Do I need to change the permissions in the cmk agent service?
Hi
we did another approach since we run ~1000 domain controllers.
Especially in the morning the controllers are under heavy load and the plugin outputs a lot of errors since replications take a long time or even fail in the first place, and this generates huge error plugin outputs. So we ditched that for a textfile which is placed in a special subdirectoy in SYSVOL. This file then must have a certain size and a certain age. If the file is not there or too old, we assume that replication is not working.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
