We have deployed Defender in a client environment. It's a financial organization (bank).
Defender installation and license set: OK.
The service account is a member of the Enterprise Administrators group, the Schema Administrators group, the Domain Admins group, and the Local Administrators group of the server on which Defender is installed.
The service account has also been delegated full access and rights on Defender objects.
In the registry, read and write access has been granted to NETWORK SERVICE and the service account on Schedule reports objects.
This is the error message we get when we tried to program a token through ADUC: "Not all the selected objects were able to be assigned. Please ensure that you have the correct rights to update the selected objects in Active Directory"
This error occurred at the step of selecting the user from AD.
From the Web Portal Management we got this error: Unable to program token.
Among the Local Administrators group members there are no orphan entries.
Which rights should the service account have for Defender to be able to update token objects in Active Directory?
In case the security on AD has been hardened, is it possible that this is the cause? If so, how do we solve it?
Actually, Defender has been reinstalled on a brand new Windows 2022 server, but we are still getting the same error, even working with professional service.