Active Directory

Modified on Wed, Jun 7, 2023 at 2:17 AM

Active Directory credentials can be added while performing the onboarding process or in the Probe/Agent tab -> click on the Action column and select Discovery Settings and add the Active Directory Credentials.

  • The Active Directory Scan is performed using the LDAP or SMB protocol. Once the scan is initiated, it will collect relevant data from the Active Directory server and send that to your CyberCNS instance.

  • To scan your Active Directory, navigate to Discovery Settings ->Active Directory Credentials. As in the below image click on New and add the credentials. Once the credentials are provided, the mentioned credentials should have SMB read, write & execute permissions.

To add Active Directory Credentials

  • Enter Name, Active Directory Domain, Active Directory DC Name, Username, and Password for the Active Directory credentials to be added. Likewise, can add multiple credentials in this section using the +Add sign.

  • Active Directory DC name can be an IP address or FQDN (Fully Qualified Domain Name).

  • Once the below details are provided, click on SAVE.

  • There is an option to Delete the Active Directory Credentials using the Action column. Any credentials can be deleted if needed.

  • Once the Active Directory Scan is successfully scanned, the resulting data set will be present in the Active Directory tab.

Active Directory Data Set

  • In Active Directory, the key four data set types which are scanned include Users, Computers, Groups, GPO, AND OU(Organisational Unit). In the Active Directory tab, detailed information on the Users, Computers, Groups, GPO, AND OU(Organisational Unit) will be available after a successful scan.

  • In Organisational Unit(OU), you can get the details of OU Name, Domain, Distinguished Name, Linked GPO, Empty, AND Is Critical.

  • Using the filter option, one can select a particular column and choose the data as per the requirement. It is possible to download the Full data or the Filtered data of the OU by clicking on the (

    ) download option, where the data will be downloaded in xlsx format.

  • In the Users, one can get the details of Name, Domain, Distinguished Name, Email, Login Name, Login Count, Department, Password Expired, Password Never Expired, etc. Using the Scroll Bar moving it to the right can get the User's details as shown in the below image.

  • When the filter option is selected, one can select a particular column and choose the data as per the requirement.

  • It is possible to download the Full data or the Filtered data of the Users by clicking on the (

    ) download option, where the data will be downloaded in xlsx format.

  • Once the number count is clicked in the Users, it will redirect to the Users part by showing the count in the filtered format.

[Example: Enabled 52 ← click on this count]

  • In Computers, one can get the details of Name, HostName, DNS, OS, OS Version, Last Logon Date, Enabled, Domain, etc. Using the ScrollBar moving it to the right can get the details of the Computers as shown in the below image.

  • When the filter option is selected, one can select a particular column and choose the data as per the requirement.

  • It is possible to download the Full data or the Filtered data of the Users by clicking on the (

    ) download option, where the data will be downloaded in xlsx format.

  • Once the number count is clicked in the Users it will redirect to the Users part by showing the count in the filtered format.

  • In GPO, one can get the details of Display Name, Domain, GPO modified time, Linked To, path, etc.

  • When the filter option is selected, one can select a particular column and choose the data as per the requirement.

  • It is possible to download the Full data or the Filtered data of the Users by clicking on the (

    ) download option, where the data will be downloaded in xlsx format.

  • Once the number count is clicked in the Users it will redirect to the Users part by showing the count in the filtered format.

  • In Groups, one can get the details of the Canonical Name, Managed By, Sam Account Name, Domain, Common Name, Category, etc. Using the ScrollBar moving it to the right can get the details of the Computers as shown in the below image.

  • When the filter option is selected, one can select a particular column and choose the data as per the requirement.

  • It is possible to download the Full data or the Filtered data of the Users by clicking on the (

    ) download option, where the data will be downloaded in xlsx format.

  • Once the number count is clicked in the Users it will redirect to the Users part by showing the count in the filtered format.

Active Directory Dashboard

Active Directory can display the changes of the Users on the dashboard for the selected Company. Every 15 mins the data will be refreshed through the Events Viewer on a Windows System.

  • As a prerequisite,

  1. One needs to install a lightweight agent (LWA) on the domain controller (one can only install one type of CyberCNS agent at a time on the system).

  2. You need to enable the AD Audit GPO Policy with certain permissions to read the data from AD.

  • Navigate to the main/global menu Overview, select the Active Directory using the dropdown under the Dashboard View.

  • In the Active Directory section of the Dashboard, under the Users section can get the stats for the Event Stats, Account-Based Event Stats, User Stats, Users Password Change Attempts, Recently Created Users, Recently Deleted Users, Recently Enabled Users, Recently Disabled Users, Locked Out & Unlocked Users Stats, Enabled And Disabled Users, Unlocked Users, Locked Out Users, Users Added To Distribution Groups, Users Added To Security Enabled Groups.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article