An account with delegated permissions is configured as the Admin User in the Defender Security Server (DSS); however, users are unable to authenticate.
The DSS logs in C:\Program Files\Quest Software\Defender\DSS Active Directory Edition\Logs show the error, "Failed to write statistics Session ID xxxxxxxx" when this occurs.
One of the permissions delegated on the user objects is missing 'write' access, or the user is a member of one of the predefined protected groups.
Please review the permissions delegated to the account as advised in Knowledge Article 43578, How to delegate Administrative rights in Defender.
This issue can also arise if the user is a member of a protected group:
When permissions are delegated using the Defender Delegated Administration Wizard, they take effect on a user object only because the object inherits them from its parent container. Members of protected groups do not inherit permissions from the parent container. Therefore, permissions set using the Defender Delegated Administration Wizard are not applied to members of protected groups, e.g. Domain Admins.
For more information on protected groups and Access Control, please refer to the Microsoft TechNet article, Active Directory Security Groups.
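To check whether a particular user is affected, the following PowerShell reads the user's security descriptor and reports whether inheritance is blocked and whether the Admin User holds any write ACE on the object. This is an added example, not code from the original article or from One Identity; the function name and the user and account names are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

function Test-DelegatedWriteAccess {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $UserIdentity,     # user who fails to authenticate
        [Parameter(Mandatory)] [string] $DelegatedAccount  # DSS Admin User as DOMAIN\name
    )

    $user = Get-ADUser -Identity $UserIdentity -Properties adminCount, nTSecurityDescriptor
    $sd   = $user.nTSecurityDescriptor

    # Explicit and inherited ACEs, with trustees translated to DOMAIN\name form.
    $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

    # WriteProperty is also set inside GenericWrite and GenericAll, so one bit test covers all three.
    # Assumption: only ACEs granted directly to the account are matched, not ones granted via a group.
    $writeBit  = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $writeAces = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $DelegatedAccount -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.ActiveDirectoryRights -band $writeBit) -ne 0
    })

    [pscustomobject]@{
        User                = $user.SamAccountName
        # adminCount = 1 is stamped on members of protected groups; it can persist after removal.
        AdminCount          = $user.adminCount
        # True means the object no longer inherits ACEs from its parent container.
        InheritanceDisabled = $sd.AreAccessRulesProtected
        InheritedWriteAces  = @($writeAces | Where-Object { $_.IsInherited }).Count
        ExplicitWriteAces   = @($writeAces | Where-Object { -not $_.IsInherited }).Count
    }
}

# Placeholder names; substitute the affected user and the configured Admin User.
Test-DelegatedWriteAccess -UserIdentity 'jdoe' -DelegatedAccount 'EXAMPLE\svc-defender'
```

A result with InheritanceDisabled set to True and both write ACE counts at 0 matches the protected-group case described above.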