Forum Discussion
empty timeline, no alerts detected
Jonathan Green , Michele D'Angelantonio Please DO NOT add the gmsa account (or any other account configured for use with AATP) to Domain Admins!
This is a security risk, and is certainly not needed for AATP to run correctly.
The AATP AD account should be a low-privileged user with read-only access to AD, plus some specific permissions (SAMR, deleted items, etc.) for enhanced functionality.
I had to re-read what I wrote, as mentally that wasn't what I was typing. Fixed.
- Michele D'Angelantonio, Jul 27, 2020, Copper Contributor
Jonathan Green , EliOfek thanks for your suggestions.
Just an update:
I checked and fixed the gMSA account's Domain Users membership, and now I can see more activities and some alarms.
I have one last strange problem. On the AD Connect server activity page I can see everything, but the DC sync activities performed by AD Connect are still missing.
In other implementations they were the first alerts I had.
Thanks again
Mike