Active Directory servers
Plixer Endpoint Analytics treats Microsoft Active Directory as a “trusted” source of information when collecting endpoint data from members of an AD domain. Because data is collected by querying AD domain controllers using LDAP, the system must be configured with both the AD server information and the credentials of a user with LDAP query privileges. The Base DN from which to begin the query is also required.
AD server settings can be configured by navigating to Configuration > Active Directory Servers.
Adding an Active Directory Server
To configure a new AD server, select Add Active Directory Server from the AD server configuration submenu, and then follow these steps:
Under Server Name:, enter the server name in FQDN format (required if LDAPS is enabled) or the server IP address.
If the Use LDAPS checkbox is ticked, an additional field labeled Certificate (PEM Format) will be displayed. Paste the PEM-formatted CA certificate chain into this field or use the Upload Certificate button to upload it from a local file.
Under Description:, enter an optional description for the current AD server record.
Under User Name:, enter the user name for an AD service account with the required access privileges (LDAP or LDAPS) using the format username@ad.domain.com.
Under Password:, enter the current password for the AD service account.
Under Base DN:, enter the Base DN for the LDAP/LDAPS lookup. Click the Suggest Base DN button to have the system pull the Base DN from the domain name of the service account.
If desired, click the Test Connection button to verify the details entered. Click the Save button to save the configuration when done.
Multiple AD servers can be added by repeating these steps. Servers can also be added using the Add Active Directory Server button on the Active Directory servers list page.
Once added, an Active Directory server will be queried by the system every 120 minutes.
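The field rules in the steps above can be checked before the values are entered. The following is an added example, not Plixer code: the function names, the DC= mapping assumed for Suggest Base DN, and the rule that the Base DN should sit under the service account's domain are all assumptions, and the sample values are constructed.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def suggest_base_dn(username):
    """Map username@ad.domain.com to DC=ad,DC=domain,DC=com (assumed convention)."""
    user, sep, domain = username.partition("@")
    labels = domain.split(".")
    if not (user and sep) or len(labels) < 2 or not all(map(LABEL.match, labels)):
        raise ValueError("User Name must use the format username@ad.domain.com")
    return ",".join("DC=" + label for label in labels)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def preflight(server_name, use_ldaps, username, base_dn, ca_pem=""):
    """Return a list of problems with the form values; empty means none found."""
    problems = []
    if use_ldaps:
        if is_ip(server_name):
            problems.append("Server Name must be an FQDN when Use LDAPS is ticked")
        # Looks for a BEGIN/END block only; it does not validate the certificate.
        if not PEM_CERT.search(ca_pem):
            problems.append("Certificate field has no PEM certificate block")
    try:
        suggested = suggest_base_dn(username).lower()
    except ValueError as exc:
        return problems + [str(exc)]
    # Assumption: the Base DN is the account's domain root or a container under it.
    dn = re.sub(r"\s*([,=])\s*", r"\1", base_dn.strip()).lower()
    if dn != suggested and not dn.endswith("," + suggested):
        problems.append("Base DN is outside the service account's domain")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(preflight("10.0.0.5", True, "svc_pea@ad.domain.com",
                    "OU=Workstations,DC=ad,DC=domain,DC=com"))
```

An empty list only means the values are well-formed; the Test Connection button remains the check that the server, credentials and certificate actually work.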
Editing/deleting an Active Directory server
To delete or modify an existing Active Directory server from the system, follow these steps:
Select List Active Directory Servers from the Active Directory Servers configuration submenu.
Click on any AD server name to open the Edit Active Directory Server page.
From there, you can either edit the configured settings or click the Delete button to delete the server.
Click Save.
Hint
For larger AD deployments (over 2,500 computer objects per DC), it may be ideal to configure multiple AD server instances for a single physical AD server within Plixer Endpoint Analytics, so that LDAP queries for computer objects can be initiated from two more Base DNs.