What are the exact permission requirements for the ADMonitor service account, EventSentryADMonitor?

Article ID: 390
Category: ADMonitor
Applies to: 4.0.1 and higher
Updated: 2019-05-20

Under most circumstances, the EventSentry Configuration Assistant (which is launched after every installation and/or upgrade) automatically creates the EventSentryADMonitor service account with the correct permissions and rights in Active Directory.

If the user could not be created during setup, or you received warnings pertaining to the EventSentryADMonitor user account, then you can follow the instructions below to make sure the user was set up correctly:

  1. Using the built-in Active Directory Users and Computers app, verify that the EventSentryADMonitor user exists.
  2. With the same app, verify that the user is a member of the Domain Admins group. Membership in the Enterprise Admins group is only necessary when monitoring sub domains with ADMonitor.
  3. On the host where EventSentry is installed, attempt to log on with the EventSentryADMonitor user to make sure the credentials work.
  4. On the same host, in an elevated command prompt, run the command "net localgroup Administrators". The output should show the YOURDOMAIN\Domain Admins group in the resulting "Members" list. If Domain Admins is not part of the group, then you will need to add the service account to the local Administrators group with the following command: "net localgroup Administrators YOURDOMAIN\EventSentryADMonitor /add". This step may also help resolve incorrect license errors reported by the service.
  5. On the same host, open the "Services" app in the administrative tools and locate the EventSentry ADMonitor service. If the service is not running, then attempt to start it; otherwise attempt to restart it. If the service fails to start, or if ADMonitor continues to be unable to detect AD activity, continue with step 6.
  6. In the same app, edit the service properties by double-clicking the service name. Click the "Log On" tab and change the service user account from the "YOURDOMAIN\EventSentryADMonitor" syntax to the UPN syntax, e.g. eventsentryadmonitor@yourdomain.local, and attempt to start the service.
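
The checks in steps 1, 2, 4 and 5 above can be run from an elevated PowerShell session on the EventSentry host; the script below is an added example, not part of this article or the EventSentry product, and assumes the ActiveDirectory RSAT module is installed, that the NetBIOS domain name is YOURDOMAIN (placeholder) and that the service display name is "EventSentry ADMonitor".

```powershell
# Added verification script (not EventSentry's own code). Run elevated on the
# host where EventSentry ADMonitor is installed. Replace the placeholders below.
param(
    [string]$Account = 'EventSentryADMonitor',   # sAMAccountName of the service account
    [string]$Domain  = 'YOURDOMAIN',             # NetBIOS domain name placeholder (see step 4)
    [string]$Service = 'EventSentry ADMonitor'   # service display name from the Services app
)
Import-Module ActiveDirectory -ErrorAction Stop
$problems = @()

# Step 1: the service account must exist in Active Directory.
$user = Get-ADUser -Filter "sAMAccountName -eq '$Account'"
if (-not $user) {
    Write-Warning "Step 1: user '$Account' was not found in Active Directory"
    return
}
Write-Host "Step 1: found $($user.DistinguishedName)"

# Step 2: membership in Domain Admins (nested membership counts, hence -Recursive).
# Enterprise Admins is only required when ADMonitor monitors sub domains.
$isDomainAdmin = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
                 Where-Object { $_.SamAccountName -eq $Account }
if ($isDomainAdmin) { Write-Host "Step 2: '$Account' is a member of Domain Admins" }
else { $problems += "Step 2: '$Account' is not a member of Domain Admins" }

# Step 4: the local Administrators group must contain Domain Admins or the account itself.
$localAdmins = Get-LocalGroupMember -Group 'Administrators' |
               Where-Object { $_.Name -in @("$Domain\Domain Admins", "$Domain\$Account") }
if ($localAdmins) { Write-Host "Step 4: local Administrators contains $($localAdmins.Name -join ', ')" }
else { $problems += "Step 4: neither $Domain\Domain Admins nor $Domain\$Account is in local Administrators; " +
                    "fix with: net localgroup Administrators $Domain\$Account /add" }

# Steps 5 and 6: service state and the account it logs on with (StartName holds
# either the DOMAIN\user or the UPN form, so match on the account name only).
$svc = Get-CimInstance Win32_Service -Filter "DisplayName = '$Service'"
if (-not $svc) { $problems += "Step 5: service '$Service' was not found" }
else {
    Write-Host "Step 5: service '$($svc.Name)' is $($svc.State), logs on as $($svc.StartName)"
    if ($svc.State -ne 'Running') { $problems += "Step 5: service '$Service' is not running" }
    if ($svc.StartName -notmatch [regex]::Escape($Account)) {
        $problems += "Step 6: service does not log on as '$Account' (current: $($svc.StartName))"
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'All checks passed.' }
```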

If you are unable to start the service due to a logon error, despite having verified that the user exists (with the correct permissions as explained above) and that the password is correct, then follow the steps below to reset the service credentials that are associated with the Windows service:

  1. On the host where EventSentry and ADMonitor are installed, open the "Services" app in the administrative tools and locate the EventSentry ADMonitor service. Edit the service properties by double-clicking the service name and click the "Log On" tab.
  2. Change the service account from its current setting to Local System account and click OK to save the changes. Enter the service properties again, click the "Log On" tab but this time specify the correct service account, which should be either YOURDOMAIN\EventSentryADMonitor or eventsentryadmonitor@yourdomain.local (UPN syntax). Click OK to save the changes.
  3. Attempt to start the service; it should start correctly.