Active Directory

As a Root Administrator, you can select Enable Active Directory integration to allow your group policies to be automatically updated in Software Vulnerability Manager when changes are made to the Active Directory.

Info: Switching to Active Directory will hide your current Sites structure and the Results > Sites menu. For these to be displayed, you must disable the Active Directory integration, log out, and then log in to Software Vulnerability Manager. It is NOT recommended to toggle Active Directory on and off unnecessarily.

Note: In the new SVM user interface, you can now configure an Active Directory scan and use the schedule options to run Active Directory scans at selected intervals using the daemon. A manual scan cannot be performed.

Requirements to integrate Software Vulnerability Manager with the Active Directory Domain:

  • Active Directory Domain environment

  • Domain User privileges

  • Port 3268 (msft-gc protocol) open between Domain Controller and Software Vulnerability Manager Host

Enabling Active Directory imports all discovered computer objects in the Active Directory Schema. Disabling Active Directory does not delete the computer objects in Software Vulnerability Manager. Deleting sensitive computer information in Software Vulnerability Manager must be done manually by the user.

Use the options below to control which Active Directory paths will be scanned. The Active Directory scanner will attempt to fetch the widest structure possible starting from the provided root location. The scanner only analyses Domain Controllers and Organizational Units.

All accessible branches - By looking at the Active Directory Partitions, the scanner determines the accessible Domain Controllers that can be scanned.

Specific Domain Controller - You can specify a certain Domain Controller to be scanned. It must be accessible from the host running Software Vulnerability Manager. Select Set nETBIOSName manually to enter the nETBIOSName of the Domain Controller.

The view options help you control how the elements of the Active Directory are displayed. You can select the Show Distinguished Names for sites instead of single Organizational Units check box to display multiple Organizational Units with the same name. Note that this does not affect the Site name for server-side exports or generated reports.
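The following added example (not part of Software Vulnerability Manager or its documentation) shows why the Distinguished Name view matters: it lists short Organizational Unit names that stand for more than one OU. It assumes a site is labelled by the short name of the nearest OU above each computer object; the DNs are constructed sample data.

```python
from collections import defaultdict

# Constructed sample: distinguished names of computer objects (not real data).
SAMPLE_COMPUTER_DNS = [
    "CN=WS-001,OU=Workstations,OU=Berlin,DC=corp,DC=example,DC=com",
    "CN=WS-002,OU=Workstations,OU=Madrid,DC=corp,DC=example,DC=com",
    "CN=SRV-01,OU=Servers,OU=Berlin,DC=corp,DC=example,DC=com",
    r"CN=KIOSK\, Lobby,OU=Workstations,OU=Berlin,DC=corp,DC=example,DC=com",
    "CN=LEGACY-7,CN=Computers,DC=corp,DC=example,DC=com",
]

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped characters such as '\\,'."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return parts

def parent_ou(dn):
    """Return (short_name, ou_dn) of the nearest OU above the object, or None."""
    rdns = split_dn(dn)[1:]           # drop the object's own RDN
    for idx, rdn in enumerate(rdns):
        if rdn.upper().startswith("OU="):
            return rdn[3:], ",".join(rdns[idx:])
    return None                       # e.g. objects under CN=Computers

def ambiguous_ou_names(dns):
    """Map each short OU name to the distinct OU DNs it stands for; keep collisions only."""
    by_name = defaultdict(set)
    for dn in dns:
        ou = parent_ou(dn)
        if ou:
            by_name[ou[0].lower()].add(ou[1])
    return {name: sorted(paths) for name, paths in by_name.items() if len(paths) > 1}

if __name__ == "__main__":
    for name, paths in ambiguous_ou_names(SAMPLE_COMPUTER_DNS).items():
        print(f"'{name}' refers to {len(paths)} OUs: {paths}")
```
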

You can use the schedule options to set Active Directory scans at regular intervals or perform a manual scan.

Note: A manual Active Directory scan requires Internet Explorer running in Admin mode with ActiveX functionality and is available only in the previous interface (https://csi7.secunia.com).