Active Directory Scanner
R81 Harmony Endpoint Server Administration Guide|94
Note - If the scanner is for a specific OU in the domain, only the groups and group members in
the OU are included in the scan. If your groups contain members from different OUs, we highly
recommend configuring the LDAP Path of the scan to the root of the domain to avoid
inconsistencies.
If the domains use DNS servers, make sure that:
• The DNS server is configured on the Endpoint Security Management Server.
• The DNS server can supply a list of domain controllers in its domain. We recommend
  that you configure the DNS server to supply a list of the domain controllers for all
  domains that the Directory Scanner will scan.
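One way to check the second DNS prerequisite before creating a scanner instance is to query the standard Active Directory locator record, `_ldap._tcp.dc._msdcs.<domain>`, and confirm that it lists the domain controllers. This is an added example, not part of the guide or the product; it assumes `dig` is available on the host where you run it, and the sample answer, function names and `AD_DOMAIN` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that DNS supplies a domain controller list for a domain.
# Assumption: `dig` is installed where this runs; example.com is the guide's sample domain.

# Constructed sample of `dig +short SRV _ldap._tcp.dc._msdcs.example.com` output.
# Field order is: priority weight port target. The last line is resolver noise.
SAMPLE_SRV='0 100 389 dc02.example.com.
0 100 389 dc01.example.com.
10 100 389 dc03.example.com.
;; connection timed out'

# Read `dig +short SRV` lines on stdin and print "priority target port" for each
# valid record, lowest priority first. Lines that are not SRV answers are skipped.
list_dcs() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4); print $1, $4, $3
         }' | sort -k1,1n -k2,2
}

# Print the DC list and return 0 if at least one record is present; return 1 otherwise.
check_dc_records() {
    dcs=$(list_dcs)
    if [ -z "$dcs" ]; then
        echo "no domain controller SRV records returned" >&2
        return 1
    fi
    printf '%s\n' "$dcs"
}

# Live check, run only when AD_DOMAIN is set:
#   AD_DOMAIN=example.com sh check_dcs.sh
if [ -n "${AD_DOMAIN:-}" ]; then
    dig +short SRV "_ldap._tcp.dc._msdcs.${AD_DOMAIN}" | check_dc_records
fi
```

Run it once per domain that the Directory Scanner will scan; a non-zero exit means the resolver in use returned no domain controller records for that domain.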
To create a scanner instance:
1. In SmartEndpoint, open the Deployment tab > Organization Scanners.
2. Click Add Directory Scanner.
3. In the Active Directory Scanner Settings window:
   • Domain Name - Enter the Domain Name in FQDN format, for example,
     example.com.
   • Username and Password - Enter the Username and Password of an administrator.
     The administrator must have read permissions to the scan path and the deleted
     objects container.
     Note - xxx
   • @ - The UPN suffix for the administrator is filled in automatically. Change it if it is
     different than the FQDN.
4. In the Advanced area, select or enter the IP Address of the Domain Controller. If the
domain has DNS, this is filled in automatically.
5. In LDAP Path, click the browse button to select an OU. If you do not select an OU,
the full domain is scanned.
6. You can change the default values in the Advanced area:
   • Connection - Choose the type of connection for the Directory Scanner
     communication:
     • GSS Enabled - Uses DNS to create Kerberos ticket requests. If DNS is not
       configured correctly on the Endpoint Security Management Server, the connection
       is not successful. By default, this is not selected.