So, neither the PowerShell-native Get-Service NTDS nor the Icinga check Invoke-IcingaCheckService -Service NTDS is able to find the service in a non-admin PowerShell.
Do you know of a way to make Invoke-IcingaCheckService “see” this Windows Service?
(Maybe by somehow elevating its privileges?)
Thanks sincerely! – Barney
Icinga for Windows v1.10.1 (agent 2.12.9, framework v1.10.1, plugins 1.10.0, service 1.2)
Microsoft Windows Server 2019 Standard 10.0.17763 (with role “Active Directory Domain Services”)
Sadly no. The workaround for one agent was to add the “Networking Service” user (in whose user context the icinga2.exe process is running) to the local admin group.
This worked, but has obvious security and manageability drawbacks, so I’ve never rolled this out to other Windows agents.
However, this error is a dealbreaker (not only) for AD monitoring, so I’m thinking about writing a bug report once I’ve got some time.
Thanks… Adding it to “local admin group” on the DC is not a good option, as you say, so I will not do that… I’ll figure out another way of monitoring AD DCs then. Thanks for your reply!