![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 45%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Tangoball76
You cannot install agent on a domain controller with only read permission. On member server you have to use a local admin account but on domain controller there is no local administrator
If you want install the agent on domain controller , you have to use a admin account member of domain administrators group.
In this case, you have to ask a admin alreday member of domain admins or administrators group to install the agent.
Microsoft recommend to not install 3<sup>rd</sup> party applications on DCs and limit the use of Domain Admin privileges as mentioned in this Microsoft article : Updating best practices for Domain Controllers
You should discuss with your security team if you can avoid to install this agent on all your domain controller in order to respect Microsoft best practise.
Please don't forget to accept helpful answer