Forum Discussion
I don't have a solution to that issue; I've not tried deploying to Windows Server Core before.
But could you avoid installing the collector on the DC entirely? We treat domain controllers the same as any other Windows Server - we apply least privilege access using a PowerShell script that's very similar to what LM describe here: https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/windows-server-monitoring-and-principle-of-least-privilege
As long as we've got a domain user (not a domain admin), we have the relevant Win Firewall ports open and the user in the right domain groups (both done in GPO) and have run the NonAdmin script (which we push out using GPO) we can monitor DCs from an external collector.
Might be worth a look and avoiding collectors on DCs entirely.
Dave
- Andy_C, 2 months ago
Neophyte
Unfortunately the clients want the AD visibility/management that installing provides, otherwise we'd need a service account with Dom Admin rights and that's not happening.
- Dave_Lee, 2 months ago
Advisor
I'm pretty sure the AD modules work just fine when polled from a remote collector without domain admin rights. I think there was one permission we had to set to allow some custom stuff to run, but the built-in LM modules seem to work OK for us if the user account has been assigned permissions by the Non-Admin script.
Dave