Active Directory

Active Directory monitoring plugin, collecting information from users and related
services.

Compatibility matrix

Developed for use with PowerShell v3.0 or higher.

Prerequisites

This plugin uses PowerShell® 3.0 commands to collect information from users and services related to Active Directory®.

● PowerShell® v3.0 or higher.
● Active Directory PowerShell® Module.
● Repadmin.

The deployment of this plugin by binaries has no special requirements.

Configuration

The Active Directory plugin configuration file is divided into blocks:

User

# User
user = all

user

Set "all" to retrieve the full list of enabled users in Active Directory. To look up a single user, enter the name of that user instead of "all". Comment out the line if you do not want to extract any user data.

Unused

# Unused
unused = 1

unused

Lists the users that have not been used for at least two months. Set it to 1 to enable it and 0 to disable it.

SPN

# SPN
spnm = 0

SPN

Shows the SPN suffixes. Set it to 1 to enable it and 0 to disable it.

UPN

# UPN
upnm = 0

UPN

Shows the UPN suffixes. Set it to 1 to enable it and 0 to disable it.

tests

# tests
tests = 0

tests

Extracts the results of the AD diagnostic tests returned by the dcdiag tool. Set it to 1 to enable it and 0 to disable it.
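To spot-check the values each configuration block asks for, the following added example (not the plugin's own code) reads a file in the format above and runs equivalent queries with the standard Active Directory module cmdlets and dcdiag. The 60-day threshold, treating the user name as a sAMAccountName, and English dcdiag output are assumptions.

```powershell
# Added example, not the plugin's code. Run on a domain controller.
param([string]$ConfPath = '.\adparams.txt')   # path is a placeholder

Import-Module ActiveDirectory

# Parse "key = value" lines; blank lines and "#" comment lines are skipped.
$conf = @{}
foreach ($line in Get-Content -Path $ConfPath) {
    if ($line -match '^\s*([^#=\s]+)\s*=\s*(.*?)\s*$') { $conf[$Matches[1]] = $Matches[2] }
}

# user = all -> every enabled account; user = <name> -> that account only
# (the name is assumed to be a sAMAccountName).
if ($conf.ContainsKey('user')) {
    if ($conf['user'] -eq 'all') {
        Get-ADUser -Filter 'Enabled -eq $true' | Select-Object SamAccountName
    } else {
        Get-ADUser -Identity $conf['user'] | Select-Object SamAccountName, Enabled
    }
}

# unused = 1 -> accounts with no logon for two months (60 days assumed here).
# lastLogonTimestamp replicates lazily, so results can lag by up to about two weeks.
if ($conf['unused'] -eq '1') {
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days 60) -UsersOnly |
        Select-Object SamAccountName, LastLogonDate
}

# spnm / upnm = 1 -> forest-wide suffix lists.
$forest = Get-ADForest
if ($conf['spnm'] -eq '1') { $forest.SPNSuffixes }
if ($conf['upnm'] -eq '1') { $forest.UPNSuffixes }

# tests = 1 -> reduce dcdiag output to test name and result (English output assumed).
if ($conf['tests'] -eq '1') {
    dcdiag | Select-String -Pattern '(passed|failed) test (\w+)' | ForEach-Object {
        $g = $_.Matches[0].Groups
        [pscustomobject]@{ Test = $g[2].Value; Result = $g[1].Value }
    }
}
```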

Manual execution

To run the plugin, first edit the configuration file according to the preceding instructions. Then call the .exe executable, passing the path to the configuration file as the first parameter.

Plugin execution:

[path_to_plugin]\active_directory.exe [path_to_conf]\adparams.txt

Configuration in Pandora

In order to fully manage the plugin execution from the web console, we will distribute the plugin through collections:

1. Create a new collection in the Configuration>Collections section, with short name "ad_plugin" and name "Active Directory plugin".

2. In the "Files" section of the collection, click on "Upload Files" to upload the plugin executable and the configuration file (previously edited according to the data to be extracted):

3. In the "Data" section of the collection, click on "Create File again" to generate the collection and then click on "Update".

4. In the Administration View of the agent in which the plugin needs to be launched (it must have a software agent installed), the collection created will be added in the "Collections" section:

5. Finally, the plugin execution needs to be added in the "Agent plugins" tab. As it has been added via collection, the executable and the configuration file will be created on the computer in the \collections\ad_plugin directory under the installation path of the software agent:

In a default installation path of the software agent and following the short name of the collection of this manual, the execution would be as follows:

"%ProgramFiles%\Pandora_Agent\collections\ad_plugin\active_directory.exe" "%ProgramFiles%\Pandora_Agent\collections\ad_plugin\adparams.txt"

Modules generated

The standard execution of this plugin will return the following modules by default (with all optional blocks enabled):

Monitoring:

● AD Users
● Unused AD User
● AD Schema Master
● AD Root Domain
● AD Forest Domains
● AD Computer DNS Host Name
● AD Global Catalogs
● AD SPN suffixes
● AD UPN suffixes
● Connectivity
● Replication admin
● Service DNS status
● Service DFS Replication status
● Service Intersite Messaging status
● Service Kerberos Key Distribution Center status
● Service NetLogon status
● Service Active Directory Domain Services status
● Test Advertising status
● Test FrsEvent status
● Test SysVolCheck status
● Test KccEvent status
● Test KnowsOfRoleHolders status
● Test MachineAccount status
● Test NCSecDesc status
● Test Netlogons status
● Test ObjectsReplicated status
● Test Replication status
● Test RidManager status
● Test Services status
● Test SystemLog status
● Test VerifyReferences status