Run As account permissions for DFS Replication monitoring (backlog monitor)

Good Day

We have some DFSR replication groups configured. Replication is between the file server in our headquarters and other replication partners located in our branch offices. The branch offices have an RODC which also acts as file server (replication partner).

I have imported the correct management pack and also activated the monitoring rule for backlog monitoring. The monitoring agents on all affected servers are running under Local System. With this configuration, the backlog monitor does not list any backlogs (it stays completely empty). Next I configured an action account and added it to the "DFS Replication Monitoring Account" profile. The configured account also had domain admin rights (because of the RODC). From this point on, backlog monitoring works as expected.

But I don't want the action account to run with domain admin rights for security reasons. I made it a normal domain user with log on locally rights on the RODC and file server, but this seems not to be enough.

Question: Does the Run As account for DFS monitoring have to have local admin rights on the servers? Is there any documentation on which rights the Run As account needs? I haven't found that information yet.

Thanks in advance

andre

August 20th, 2015 8:20am

You can check this in the Management Pack guide that comes along with the MP.

http://www.microsoft.com/en-in/download/details.aspx?id=4231

August 20th, 2015 8:53am

Thanks. I have read this paper before. I know this part:

".... create run as account that has administrative privileges on all the monitored servers.... can connect to the DFS Replication WMI provider on all monitored computers. You are not required to use domain administrator credentials for this purpose"

But as we have DFSR running on an RODC, there is no local admin account. This would mean I have to give domain admin rights, but that's not what I want to... I just want to understand how exactly this management pack is working... Maybe we can then just modify WMI access, for example, for the action account and grant log on locally rights?

August 20th, 2015 9:08am

This topic is archived. No further replies will be accepted.
