Full Active Directory Sync

In Full Active Directory Sync, one Endpoint client is defined as the Active Directory scanner. It collects the information and sends it to the Security Management Server.

To configure the AD scanner:

  1. From the left navigation panel, click Asset Management.
  2. In the left pane, click Computers.
  3. From the top toolbar, click (General Actions) and click Directory Scanner.

    The Scanner window opens.

  4. Fill in the required information for each section:
    Connect from computer
    • Computer name - Select a computer as your AD scanner.

    AD Login details
    • User name (AD) - Enter the user name to access the Active Directory.

    • Domain name - Enter the domain of the Active Directory.

    • Password (AD) - Enter the password to access the Active Directory.

    AD Connection
    • Domain controller - Enter the name of the Domain controller.

    • Port - Enter the number of the listening port on the Domain controller.

    • Use SSL communication (recommended) - Select this checkbox if you want the connection between the AD scanner and the Domain Controller to be over SSL.

    • LDAP Path - The address of the scanned directory server.

    • Search filter - If required, enter search criteria to selectively sync only matching entries from the directory server. For more information, see LDAP syntax.

    • Sync AD every - Specify the time interval in minutes for the system to initiate the scan. Supported range is 5 (min) to 240 (max) minutes.

      Note:
      • If you set a value outside the supported range (for example, 4 or 241), the system resets the value to the closest threshold value.

      • The recommended time interval is 120 minutes.
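
A way to check the Search filter and Sync AD every values before typing them into the Scanner window, shown as an added example that is not part of the product or its documentation. It parses the filter against the standard LDAP string form (RFC 4515) and applies the range note above; the function names and sample filters are assumptions made for this illustration.

```python
import re

SYNC_MIN, SYNC_MAX = 5, 240  # minutes; supported range stated on this page

# One filter item: attribute, then =, ~=, >=, <= or an extensible match
# (attr:rule:=), then a value where ( ) \ and NUL appear only as \XX escapes.
ITEM = re.compile(r"[A-Za-z0-9.;-]+(?:(?::dn)?(?::[A-Za-z0-9.]+)?:=|[~<>]?=)"
                  r"(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")

def effective_sync_interval(minutes):
    """Out-of-range values are reset to the closest threshold, as the page notes."""
    return max(SYNC_MIN, min(SYNC_MAX, minutes))

def _parse(s, i):
    """Consume one parenthesised filter at s[i]; return the offset just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):      # AND / OR: one or more sub-filters
        i += 1
        start = i
        while s[i:i + 1] == "(":
            i = _parse(s, i)
        if i == start:
            raise ValueError(f"operator without sub-filter at offset {i}")
    elif s[i:i + 1] == "!":           # NOT: exactly one sub-filter
        i = _parse(s, i + 1)
    else:
        m = ITEM.match(s, i)
        if not m:
            raise ValueError(f"bad attribute or operator at offset {i}")
        i = m.end()
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def filter_error(flt):
    """None if flt is empty (the field is optional) or well-formed, else a message."""
    if not flt:
        return None
    try:
        end = _parse(flt, 0)
    except ValueError as exc:
        return str(exc)
    return None if end == len(flt) else f"unexpected text at offset {end}"

if __name__ == "__main__":
    # Constructed sample filters, not taken from the product documentation.
    for f in ["(&(objectClass=computer)(cn=LAB-*))", "(&(objectClass=user)(cn=a)"]:
        print(f, "->", filter_error(f) or "ok")
```

A filter that passes this structural check can still match more or fewer entries than intended, so review the synced entries after the first scan.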

When you create a new AD scanner, the organization directory scan is automatically disabled.

To see information on your activated AD scanners, go to the Endpoint Settings view.

Note:

You can also open the AD scanner configuration pop-up from Endpoint Settings > AD Scanners > Default Scanner > Setup full Active Directory sync.