Forum Discussion
AATP and child domain
Hello! Installed the AATP sensor on our domain: exampledomain.com - works ok with a standard user account on that domain as the directory credentials Also have a child domain: child.e...
Hi m_nicholls
Your directory service account will need read access to all objects in the monitored domains.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step2#prerequisites
Yes, one account will work with: exampledomain.com & child.exampledomain.com
If you also have a multi-forest environment with a two-way trust, you still only need one account.
Additional credentials are only required for each forest with non-Kerberos trust or no trust.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-multi-forest