Unfortunately, the story doesn't end here because another issue popped up.
So I had planned to run Identity Collector as a service under another service account, freshly created and with domain user permissions; the user is part of the 'Event Log Readers' group.
As soon as I run cpidc.exe as a service under this new service account, everything stops working: all identity sources are yellow and no identities are collected anymore.
When I remove the service account and let the service run under my domain admin account, everything changes instantly to green again and identities are collected.
This for sure has to do with user rights in Windows, but it seems like having a domain user with membership in the 'Event Log Readers' group is not enough?
Please help me understand what I'm missing 🙂