I prefer to not have too many accounts with domain admin; I use the principal of least priviledge in our domain. Therefore, I created a single user called "panuser". I granted it permission in the domain controller GPO to read the DC event logs. I made it a local admin on the server hosting the User ID agent, AND, I set the User ID service to start using that same account. I did this for consistency as I have only one account to deal with if there is a problem. Second, it seemed like not everything worked properly until I did this.
... View more