AATP and child domain

Senior Member



Installed the AATP sensor on our domain:


exampledomain.com - works ok with a standard user account on that domain as the directory credentials


Also have a child domain:


child.exampledomain.com - that handles all student accounts


Do we need to add another user account on the child.exampledomain.com domain directory credentials into the existing setup?  Or a different suggestion.  I didn't see anything in the microsoft docs about it.



1 Reply

Hi @m_nicholls 


Your directory service account will need read access to all objects in the monitored domains.  



Yes, one account will work with: exampledomain.com &  child.exampledomain.com


If you also have a multi-forest environment with a two-way trust, you still only need one account. 


Additional credentials are only required for each forest with non-Kerberos trust or no trust.