In these days, security is very important when managing Intel AMT and Active Directory.
The current "Intel EMA Server Installation and Maintenance Guide v188.8.131.52" is lacking correct Active Directory ACL permissions.
The guide is only referring to using "Full Control" within your AMT OU. From a security perspective this is not recommended and it is important that Intel specifies only the required ACL permissions for OU needed by Intel EMA.
I have tried to use the permissions as documented here, but it apparently that is not sufficient for Intel EMA
Please update your guide with correct and the only needed ACL.