AATP and child domain

Hello!

Installed the AATP sensor on our domain:

exampledomain.com - works ok with a standard user account on that domain as the directory credentials

Also have a child domain:

child.exampledomain.com - that handles all student accounts

Do we need to add another user account on the child.exampledomain.com domain directory credentials into the existing setup? Or a different suggestion. I didn't see anything in the Microsoft docs about it.

Thanks

1 Reply

Hi @m_nicholls

Your directory service account will need read access to all objects in the monitored domains.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step2#prerequisites

Yes, one account will work with: exampledomain.com & child.exampledomain.com

If you also have a multi-forest environment with a two-way trust, you still only need one account.

Additional credentials are only required for each forest with non-Kerberos trust or no trust.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-multi-forest
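
One way to check the read-access requirement from the reply before relying on a single account: an added example, not part of the thread or of Microsoft's documentation. It assumes the RSAT ActiveDirectory module is installed and uses the two domain names from the question; the account name `EXAMPLEDOMAIN\svc-aatp` is hypothetical.

```powershell
# Added example: confirm one directory service account can bind to and read
# objects in both the parent and the child domain.
Import-Module ActiveDirectory

# Domains named in the thread; replace with your own.
$domains = @('exampledomain.com', 'child.exampledomain.com')

# Enter the account configured as the AATP directory credentials
# (hypothetical name: EXAMPLEDOMAIN\svc-aatp).
$cred = Get-Credential -Message 'AATP directory service account'

$results = foreach ($domain in $domains) {
    try {
        # Find a domain controller for this domain and bind as the account.
        $dc   = (Get-ADDomainController -DomainName $domain -Discover).HostName[0]
        $info = Get-ADDomain -Server $dc -Credential $cred -ErrorAction Stop

        # Read a small sample of each object category the sensor resolves.
        $seen = @{}
        foreach ($category in 'person', 'computer', 'group') {
            $seen[$category] = @(Get-ADObject -Server $dc -Credential $cred `
                -SearchBase $info.DistinguishedName `
                -LDAPFilter "(objectCategory=$category)" `
                -ResultSetSize 25 -ErrorAction Stop).Count
        }

        [pscustomobject]@{
            Domain = $domain; DC = $dc; Bind = 'OK'
            Users = $seen['person']; Computers = $seen['computer']
            Groups = $seen['group']; Error = $null
        }
    }
    catch {
        # Bind or query failed: the account cannot read this domain as-is.
        [pscustomobject]@{
            Domain = $domain; DC = $null; Bind = 'FAILED'
            Users = 0; Computers = 0; Groups = 0
            Error = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize
```

A sampled read succeeding shows the account can authenticate across the parent-child trust and query the directory; it does not prove access to every object, so a zero count in a domain known to hold that object type is worth investigating for restrictive ACLs.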