After installing Defender without error, when attempting to create defender objects in AD, the Defender menu along with the right-click options are missing which prevent creation of necessary objects.
It is possible the Defender Administration Console was not installed. It will need to be installed on every workstation or server that will administrate Defender objects within AD.
Confirm that the Defender Administration Console is installed:
Confirm the account being used to access ADUC and the Defender Administration Console is a member of the Domain Admins or Administrators group.
When first installing Defender, delegation of privileges may have been skipped in which case they will need to be delegated.
Confirm that it is a permissions issue by checking the effective access the account has over the Access Nodes OU.
Here are the steps to check it:
If access is denied then the 'Full Control' options will need to be delegated to the account or security group in order to have the options to add/edit access nodes and policies.
The DefenderRightsUI.exe tool can be used. It is found here: C:\Program Files\One Identity\Defender\Administration Console\DelegatedAdmin
© 2025 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie首选项中心