AATP and child domain

Hello!

Installed the AATP sensor on our domain:

exampledomain.com - works ok with a standard user account on that domain as the directory credentials

Also have a child domain:

child.exampledomain.com - that handles all student accounts

Do we need to add another user account on the child.exampledomain.com domain directory credentials into the existing setup? Or a different suggestion. I didn't see anything in the Microsoft docs about it.

Thanks

1 Reply

Hi @m_nicholls

Your directory service account will need read access to all objects in the monitored domains.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step2#prerequisites

Yes, one account will work with: exampledomain.com & child.exampledomain.com

If you also have a multi-forest environment with a two-way trust, you still only need one account.

Additional credentials are only required for each forest with non-Kerberos trust or no trust.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-multi-forest
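
A spot check for the reply above, as an added example that is not part of the original thread or of Microsoft's documentation: run with the directory service account's credentials, it confirms that the one account can read objects in both domains and lists each domain's trusts so that forests needing separate credentials stand out. It assumes the RSAT ActiveDirectory module is installed and uses the thread's domain names; the 200-object sample size is an arbitrary choice.

```powershell
# Added example: spot-check that one directory service account can read
# both domains named in the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Domains from the thread; replace with your own.
$domains = 'exampledomain.com', 'child.exampledomain.com'

# Enter the account configured as the sensor's directory credentials.
$cred = Get-Credential -Message 'Directory service account'

$results = foreach ($domain in $domains) {
    try {
        # -Server accepts a domain FQDN; a DC in that domain is located automatically.
        $info = Get-ADDomain -Identity $domain -Server $domain -Credential $cred -ErrorAction Stop

        # Read a bounded sample of objects from the domain root (sample size is arbitrary).
        $sample = @(Get-ADObject -Filter * -SearchBase $info.DistinguishedName `
            -Server $domain -Credential $cred -ResultSetSize 200 -ErrorAction Stop)

        # Trusts visible from this domain. IntraForest = True means a trust
        # between domains of the same forest, such as parent and child.
        $trusts = @(Get-ADTrust -Filter * -Server $domain -Credential $cred -ErrorAction Stop)
        $trustSummary = ($trusts | ForEach-Object {
            '{0} ({1}, IntraForest={2}, ForestTransitive={3})' -f $_.Name, $_.Direction, $_.IntraForest, $_.ForestTransitive
        }) -join '; '

        [pscustomobject]@{
            Domain      = $domain
            Forest      = $info.Forest
            ObjectsRead = $sample.Count
            Trusts      = $trustSummary
            Error       = $null
        }
    }
    catch {
        # A bind or read failure here means the account cannot query this domain.
        [pscustomobject]@{
            Domain      = $domain
            Forest      = $null
            ObjectsRead = 0
            Trusts      = $null
            Error       = $_.Exception.Message
        }
    }
}

$results | Format-List
```

A non-zero ObjectsRead shows the account can bind and query that domain; it does not prove read access to every object, so objects with restricted ACLs still need a separate review.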

 

 
