On-Premise Data Collector Agent
Adding an On-Premise Data Collector Agent
Section titled “Adding an On-Premise Data Collector Agent”On-premise agents run on your own infrastructure and allow UAR to collect identity data from internal systems that are not reachable by the shared cloud agent (e.g., on-premise Active Directory, internal databases).
Prerequisites
Section titled “Prerequisites”- Administrator access to the UAR Platform
- A Windows server where the agent will be installed
- Administrator rights on the target server to run the MSI installer
- (Optional) A dedicated service account if you do not want the agent running as
NetworkService
Step 1 — Open the Agent Registration Dialog
Section titled “Step 1 — Open the Agent Registration Dialog”- In the left navigation, go to Administration → DC Agents
- Under the On-Premise Agents (Your Infrastructure) section, click + Add Agent
The Add On-Premise Agent dialog will open.
Step 2 — Enter Agent Details
Section titled “Step 2 — Enter Agent Details”| Field | Description |
|---|---|
| Agent Name | A friendly display name for this agent (e.g. Sydney DC, win2025-prod) |
| Description | Optional. A note describing the server or purpose of this agent |
Step 3 — Generate the OTP
Section titled “Step 3 — Generate the OTP”Click Generate OTP.
UAR will generate a one-time password (OTP) that is valid for 4 hours. The OTP is displayed at the top of the dialog along with its expiry time.
⚠️ The OTP is single-use and time-limited. If it expires before installation completes, cancel and start again to generate a new one.
Use the Copy button to copy the OTP to your clipboard.
Step 4 — Install the Agent on Your Server
Section titled “Step 4 — Install the Agent on Your Server”Download the installer
Section titled “Download the installer”Click Download Agent Installer (x.x.xxxx) to download the MSI to your machine. Transfer it to the target server if needed.
Choose your install method
Section titled “Choose your install method”Option A — Basic install (NetworkService account) (Recommended for most environments)
Section titled “Option A — Basic install (NetworkService account) (Recommended for most environments)”Run the following command on the target server as an Administrator:
msiexec /i "DataCollectorAgent-x.x.xxxx.msi" /quiet /norestart OTP="<your-otp>"The pre-filled command with your OTP is shown in the dialog and can be copied directly.
Option B — Custom service account
Section titled “Option B — Custom service account”If you require the agent to run under a specific domain service account:
msiexec /i "DataCollectorAgent-x.x.xxxx.msi" /quiet /norestart OTP="<your-otp>" SERVICE_ACCOUNT_TYPE="Custom" SERVICE_ACCOUNT_USERNAME="DOMAIN\SvcAcct" SERVICE_ACCOUNT_PASSWORD="your-password"Replace DOMAIN\SvcAcct and your-password with your actual service account credentials.
💡 The service account must have permission to query the identity sources you intend to collect from (e.g., read access to Active Directory).
Step 5 — Complete Registration
Section titled “Step 5 — Complete Registration”Once the installer has finished running on the server, return to UAR and click Complete Registration.
The agent will appear in the On-Premise Agents list. It may take a minute for the health status to update as the agent checks in for the first time.
After Installation
Section titled “After Installation”| Status | Description |
|---|---|
| Active / Unknown | Initial state immediately after registration — no heartbeat received yet |
| Active / Healthy | Agent is running and communicating normally |
| Active / Degraded | Agent is reachable but experiencing issues (stale heartbeat or performance problems) |
| Active / Unhealthy | Agent has not sent a heartbeat recently — check the service is running on the server |
| Inactive | Agent has been deactivated — it can be reactivated from this page |
Managing existing agents
Section titled “Managing existing agents”Each on-premise agent in the list has two actions:
- Deactivate — Suspends the agent without removing its registration. It can be reactivated by your Tikabu administrator.
- Remove — Permanently decommissions the agent. This cannot be undone — you would need to re-register the agent with a new OTP.
⚠️ Removing an agent does not uninstall the software from the server. Uninstall
DataCollectorAgentvia Add or Remove Programs on the server separately.
Troubleshooting
Section titled “Troubleshooting”| Symptom | Likely Cause | Action |
|---|---|---|
| Agent shows Unhealthy after install | Agent service failed to start or cannot reach UAR | Check the Windows service DataCollectorAgent is running on the server |
| OTP rejected during install | OTP has expired (4 hour limit) or already been used | Cancel, re-open Add Agent, and generate a new OTP |
| Agent does not appear after Complete Registration | Install did not complete successfully | Check the MSI install log: %TEMP%\DataCollectorAgent_install.log |
| Agent disappears from the list | Agent was Removed rather than Deactivated | Re-register the agent using a new OTP |