ADAudit Plus needs a minimum set of privileges to audit your EMC Isilon nodes effectively. Create a dedicated ADAudit Plus Isilon user account and grant it the privileges below.
1. For discovering zones:
   - Provide these privileges with read-only access:
     - ID: ISI_PRIV_LOGIN_SSH
     - ID: ISI_PRIV_AUTH
     - ID: ISI_PRIV_NETWORK
   - Ensure that Smart Connect Zone (SC Zone) is configured for all the zones to be audited. The domain must be the Authentication Provider (lsa-activedirectory-provider) for the zone.
   - Verify that the cluster name or cluster DNS name is mapped to the node's IP address.
   - Secure Shell (SSH) must be enabled on port 22 on the Isilon cluster to be audited.
2. For discovering shares in a zone:
   The user configured under domain settings for the authentication provider must have read permission to the shares.
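
The two network prerequisites for zone discovery (the cluster name maps to a node IP address, and SSH answers on port 22) can be checked from the ADAudit Plus server before configuring the audit. The following is an added example, not part of ADAudit Plus or OneFS; the function names are hypothetical, and the cluster name and node IP list are supplied by you.

```python
import socket

def resolve_ipv4(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def ssh_banner(host, port=22, timeout=3.0):
    """Connect and return the first line the server sends, or None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = b""
            # An SSH server sends its identification string first (at most 255 bytes).
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, timed out, unreachable
        return None
    return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def preflight(cluster_name, node_ips, port=22, resolve=resolve_ipv4, banner=ssh_banner):
    """Check name mapping and SSH reachability; return a list of problems (empty = pass)."""
    nodes = set(node_ips)
    try:
        resolved = resolve(cluster_name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{cluster_name}: name does not resolve ({exc})"]
    problems = []
    unexpected = resolved - nodes
    if unexpected:
        problems.append(f"{cluster_name} resolves to non-node address(es): {sorted(unexpected)}")
    if not resolved & nodes:
        problems.append(f"{cluster_name} does not resolve to any listed node IP")
    for ip in sorted(resolved & nodes):
        line = banner(ip, port)
        if line is None:
            problems.append(f"{ip}:{port} not reachable")
        elif not line.startswith("SSH-"):
            problems.append(f"{ip}:{port} answered, but not with an SSH banner: {line!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with your cluster name and node IPs.
    for problem in preflight("isilon.example.com", ["10.0.0.5"]) or ["all checks passed"]:
        print(problem)
```

An empty result means the name resolves only to listed node addresses and each of them presents an SSH banner on the port checked; it does not verify the account's privileges or the zone's authentication provider.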