Good Day
We have some dfsr replication groups configured. replication is between the fileserver in our Headquarter and other replication partners are located in our branch offices. branch offices have an rodc which also acts as fileserver (replication Partner).
have imported the correct management pack and also activated the Monitoring rule for backlog Monitoring. Monitoring agent on all affected servers are running under local system. with this configuration, backlog Monitor does not list any backlogs. (it stays completely empty) next i configured an Action account and added it to the "DFS Replication Monitoring Account" Profile. the configured account also had domain admin rights (because of the rodc). from this Point on, backlog Monitoring does work as expected.
But i don't want the acction account to run with Domain admin rights for security reason. I made it a normal Domain user with logon localy rights on the rodc and file server. but this seems not to be enough.
Question: Does the runas account for dfs Monitoring has to have local admin rights on the Servers? is there any documentation which rights the runas account Needs? i havent found those Information yet.
thanks in advance
andre