Configure AD Connector
Configure AD Connector
AD Connector connects to specified domain controllers (DCs) and periodically fetches user login security events from the DCs. AD Connector extracts all the DC IP to username mapping from these logs, and the collected AD IP to username mapping is posted to Secure Forwarder.
AD Connector connects to configured Domain Controllers and periodically fetches user login security events from the DCs. AD Connector extracts all the usernames to IP mapping from these logs and the collected AD IP > user mapping is posted to the OPLP VM. AD Connector can support multiple Domain controllers and multiple OPLP VAs. When multiple DC and OPLP VAs are configured, the login events from all the DCs are posted to all the OPLP VAs configured.
Secure Forwarder provides user visibility for traffic going through Secure Forwarder from this information. AD Connector supports using multiple DCs and multiple Secure Forwarders. When multiple DC and Secure Forwarders are configured, the login events from all the DCs are posted to all the configured Secure Forwarders. Select the AD Connector tab to begin.
The options in this tab are:
- Domain Controllers: Displays the list of domain controller names to extract login events from. Click Select DC Hosts to choose a list of domain controller hostnames or a specific domain name. If a hostname is provided, AD Connector will do a DNS resolution internally and connect to gather event data from all IPs returned.
If a domain name is specified, AD Connector identifies all of the DCs for the domain and fetches the login events from all the DCs.
- Secure Forwarder IPs: The Secure Forwarders IPs for which the login events are posted.
Secure Forwarder can be deployed as On-Premises Log Parser (OPLP) Virtual Appliance (VA) or as a Secure Forwarder. Specify the IP and port number of the OPLP or Secure Forwarder in the format
ip-address: portnumber
. The port number is 4400 for receiving AD updates for OPLP, and port 2200 for Secure Forwarder.Note
The format example is
172.16.128.101:2200
AD Connector can send log events to multiple Secure Forwarders and or OPLP VAs.
- Group Filters (optional): Like the Directory Importer, only login events for users that are part of these groups are extracted from DCs.
- Advanced Settings: Click Advanced Settings to use these options:
- User Info Collect Interval for Log Parser: Time interval in minutes when the AD Connector fetches the usernames and canonical names from the Global Catalog Server.
- Initial Login History Login Collection Interval: The initial interval of login event history to be collected from each of the listed DCs to post to the OPLP or Secure Forwarder.
- Log Level: Select the granularity and detail level of logs written to the files specified in the Log File Path location. Log levels represents the severity of the message. There are four different log levels, Error, Warning, Info, and Debug.
- Map User Information to AD Attribute: Specify which AD attributes to map to Netskope’s User field. This dropdown list contains available AD attributes from the domain. The default is
userPrincipalName
.Note
To complete AD connector set up, login to OPLP and execute the set log-upload eventuser-source ad command. This ensures ip2user mapping.
- Custom Attributes: Select custom attributes to be appended to the OU field. You can select up to 5 custom attributes to be mapped to the OU field.
- Log File Path: Shows the system location where the AD Connector sends corresponding Netskope logs.
- Status: Shows the status of the selected component.
- Service Name: Shows the name of the active AD Connector.