We are setting up McAfee SIEM in our environment to tail the DNS log files on our DNS servers, which are also DCs. The application requires the service account to be a local admin, but of course "local admin" does not exist on a DC... I did find the article below on using the net localgroup command...
I tried this in my lab and did add the test user to the local administrator group. Here are my questions:
What actual rights would this user account have in AD and on other DCs?