Using a Dedicated Collector for each Windows Domain Controller?
We ran into trouble monitoring our Windows Domain Controllers because we want to use least privilege and we were only receiving ping and Host Status data. It showed “No data” for CPU, disks, etc.
We used the information in the link “https://www.logicmonitor.com/support/monitoring/os-virtualization/monitoring-a-domain-controller-dc” and installed the collector on a DC using the local system account and set it to monitor itself.
I am now receiving CPU, disk, etc. from that domain controller. It appears the only catch is that I cannot monitor other systems with that collector but that is OK for our situation.
Are there others out there that are monitoring DCs using this method and if so, have you run into any trouble (performance, etc.)?
If you are not using this method, how are you monitoring your DCs in Logic Monitor.
THANK YOU very much for your assistance/opinions/guidance.
Good morning
@jfmhfa01 ,
As Mike mentioned, if we’re looking to monitor domain controllers without leveraging a Domain Administrator, we can install a Collector to each DC running as LocalSystem, which would only provide the Collector sufficient permissions to monitor the DC itself.
For monitoring external servers in this scenario, wmi.pass and wmi.user properties pertaining to relevant credentials for the server would be need to be assigned to these resources, which will be used to authenticate instead of the LocalSystem account.
https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/credentials-for-accessing-remote-windows-computers
