some times you need to use the distinguished name for users in AD , this name doesn’t come in Active Directory Users and Computers, so to find such name there are multiple ways you can find them on the link which I’m sharing, but the one i will mention here is by using DSQUERY command:
Dsquery user forestroot –samid “XYZ”
Resources:
I had a Firewall Appliance which requires to read AD logs by using a normal AD user, to fulfill this requirement i found a very good article i want to summarize it and share it with you:
Note: you have to use Administrative Privilege ( Domain Admin or Local Administrator on the Server)
go to Domain Controllers –> Default Domain Controller Policy
Right click —-> Edit
Under Computer Configuration—> Windows Settings —> Security Settings —-> Local Policy —> User Rights Assignment
Select and double click on Manage auditing and Security Log
Select Add User or Group —> Browse to add the user —> then OK —> OK
Go to RUN on start Menu —> Type “wmimgmt.msc”
Right click on WMI control —-> select Properties —> security Tap —-> Expand ROOT —->Select Security Folder —> then Security on the bottom of the Box
Press Add to add the user —-> on the permission check the allow box for Execute Methods —> then OK
Now this user has the access to read the security AD event log only.
If you have more than one Domain Controller, you have to do the same settings on all of them.
you can test this by login using the same user name, open the server manager —> connect to different computer ( the DC ) —> open the event logs , you will see you have only access to the security logs.
If you want to give users access to all event logs in the domain controllers (not just the security event log), you can either add the users to the event log readers group or follow the steps in the following article:
Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008
Mohammad Sartawi's Blog 