I have a DFS replication set up on two Windows Server 2012 machines in a domain. The DFS consists of one namespace, two servers, and several replication groups, each containing one folder. I have been ordered to implement DFS-R monitoring via our local monitoring system. I want to collect the backlog between those two servers in order to find out whether the DFS replication is stalled.

The problem is, calling dfsrdiag backlog requires local administrator privileges on both servers, which is undesirable for security reasons - the monitoring account should not have access to DFS contents. I have found some articles (one, two) regarding assignment of permissions to run dfsrdiag backlog, but after assigning all the permissions (DCOM users, root/microsoftdfs WMI permissions, DFS delegation on the groups) the actual run results in "Operation Failed". dfsrdiag replicationstate works, dfsrdiag dumpmachinecfg fails with a general access denied error (0x80041003).

What permissions does the account lack to perform successful queries against DFS?

EDIT: If running an elevated command prompt via "run as administrator - runas /netonly /user:monitor cmd" while the user is granted the listed permissions but not administrator rights, the dfsrdiag dumpmachinecfg command produces correct output, but dfsr backlog still says access denied.