To manage an Active Directory endpoint or group of endpoints, you must install at least one Windows agent in each Active Directory domain. The agent must also run under the domain administrator account.
NOTE:You can assign multiple domain controllers to a single domain, but only one Active Directory endpoint is required per domain. A domain controller is a computer that helps manage all aspects of user domain interactions. Some domains have multiple domain controllers.
You can manually add endpoints for your Active Directory instances in Secure Configuration Manager, and then manage those Active Directory instances locally with a Windows agent or using a proxy Windows agent. If you want to manage an Active Directory endpoint by proxy, review the proxy requirements, particularly if the Windows agent does not reside on the domain controller. For more information about proxy requirements, see Proxy Requirements.
Secure Configuration Manager does not allow an endpoint to be monitored by more than one agent on a computer. You must use a unique endpoint name when you add an Active Directory endpoint, otherwise an error will occur. You can use Admin Reports to run a report containing every known agent and its associated system and endpoints. To run this report, select Tools > Admin Reports > All Systems, Agents, and Endpoints.