This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Size of active directory database showing empty size

I am trying to run the a report 'Size of Active Directory Database'. However, the report comes back empty showing no size (MB). I figured out that it requires NTFS discovery to run and find C:\windows\NTDS folder in order to capture the size. My question is What permission do I need to give the service account to read the size of the NTDS database ? Keeping in mind we do not want to give Domain Admin access to this service account
Parents
  • Hello,

    I see there is an error in that documentation online. I will report it, thank you! I will still reiterate that the report "Size of Active Directory Database" is indeed an Active Directory report and does not require the NTFS discovery to be executed. The report will require read rights to the Domain Controller's Registry (SYSTEM\CurrentControlSet\Services\NTDS\Parameters), and will also need read access to the Domain Controller's Administrative share and the NTDS subfolder - which is only granted to members of the "Administrators" group of the domain.

    As an alternative, running the NTFS discovery against the same folder location (either through the windows administrative share "\admin$\ntds" or through the c$ administrative share) on the Domain Controllers, you can collect the file sizes. However, you still have to have read file/folder permissions on the Domain Controller's file system.
Reply
  • Hello,

    I see there is an error in that documentation online. I will report it, thank you! I will still reiterate that the report "Size of Active Directory Database" is indeed an Active Directory report and does not require the NTFS discovery to be executed. The report will require read rights to the Domain Controller's Registry (SYSTEM\CurrentControlSet\Services\NTDS\Parameters), and will also need read access to the Domain Controller's Administrative share and the NTDS subfolder - which is only granted to members of the "Administrators" group of the domain.

    As an alternative, running the NTFS discovery against the same folder location (either through the windows administrative share "\admin$\ntds" or through the c$ administrative share) on the Domain Controllers, you can collect the file sizes. However, you still have to have read file/folder permissions on the Domain Controller's file system.
Children
No Data