Sinefa Probes can be configured to retrieve username information directly from Active Directory Domain Controllers. This allows reports to be viewed with usernames rather than IP addresses, even when users roam or log in from different devices and locations.
Configuring Sinefa Probes to connect to your AD Domain Controllers is easy.
- Navigate to Settings > Users > Active Directory
- Click Add to add a new AD server.
| Field | Description |
|---|---|
| Server | Enter the hostname or IP address of your AD Domain Controller. |
| Domain | Enter the domain prefix required to log in to your AD Domain Controller. |
| Username | Enter the username of a user on the AD server with appropriate permissions (see below for more details). |
| Password | Enter the user's password. |
| Groups | Select this if you would like to obtain the AD Security and Distribution group data. |
| Apply to Probe(s) | Configure the Probes which can connect to this AD server to look up username information. Default is All Probes. |
You should add all AD servers in your network that are domain controllers (not member servers).
By default, the Administrator user can access username information without any special permissions. For security reasons, system administrators can create read-only, non-Administrator accounts for this purpose. See the article "How to allow Sinefa Probes to connect to Active Directory Domain Controllers as a non Administrator user" for more information.
Multiple device IP addresses
Sinefa identifies users by the IP address that the user's device uses to authenticate to the Active Directory server. So if User A authenticates to Active Directory using IP address 126.96.36.199, Sinefa will associate traffic from that address with User A. However, if User A has multiple IP addresses on that device and sends or receives traffic from another IP address (say 184.108.40.206), traffic from that other address will not be associated with User A. For example, if you have IPv6 running alongside IPv4 in your network, a user's device may use its IPv4 address to authenticate to Active Directory but use its IPv6 address to access the YouTube application.
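The attribution gap described above can be measured against your own logon and flow data. The following is an added example, not Sinefa code: it assumes the most recent logon seen from an IP address owns that address's traffic, and the `LOGONS` and `FLOWS` records, usernames and addresses are constructed sample data.

```python
import ipaddress
from datetime import datetime

# Constructed sample data (documentation address ranges), not real logs.
LOGONS = [  # (time, username, source IP the domain controller saw)
    ("2024-05-01T08:00:00", "alice", "192.0.2.10"),
    ("2024-05-01T08:05:00", "bob", "192.0.2.20"),
    ("2024-05-01T09:00:00", "carol", "::ffff:192.0.2.30"),  # IPv4-mapped form
    ("2024-05-01T12:30:00", "alice", "192.0.2.20"),  # alice roams to bob's PC
]
FLOWS = [  # (time, source IP, bytes)
    ("2024-05-01T07:00:00", "192.0.2.10", 50),      # before any logon
    ("2024-05-01T08:10:00", "192.0.2.10", 1200),
    ("2024-05-01T08:15:00", "2001:db8::10", 5000),  # alice's IPv6 address
    ("2024-05-01T08:20:00", "192.0.2.20", 300),
    ("2024-05-01T09:30:00", "192.0.2.30", 400),
    ("2024-05-01T12:45:00", "192.0.2.20", 700),
]

def norm(ip):
    """Canonical text form; IPv4-mapped IPv6 folds to plain IPv4."""
    addr = ipaddress.ip_address(ip)
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def build_timeline(logons):
    """Map each IP to its time-sorted list of (logon_time, username)."""
    timeline = {}
    for ts, user, ip in logons:
        timeline.setdefault(norm(ip), []).append((datetime.fromisoformat(ts), user))
    for events in timeline.values():
        events.sort()
    return timeline

def attribute(flows, timeline):
    """Assumed rule: the latest logon at or before a flow owns its bytes."""
    per_user, unattributed = {}, {}
    for ts, ip, nbytes in flows:
        when, key, owner = datetime.fromisoformat(ts), norm(ip), None
        for logon_time, user in timeline.get(key, []):
            if logon_time <= when:
                owner = user
        bucket, name = (per_user, owner) if owner else (unattributed, key)
        bucket[name] = bucket.get(name, 0) + nbytes
    return per_user, unattributed

if __name__ == "__main__":
    users, gaps = attribute(FLOWS, build_timeline(LOGONS))
    print("per user:", users)
    print("unattributed by source IP:", gaps)
```

Any source address that accumulates bytes in the unattributed result, such as the IPv6 address in this sample, is traffic that a per-username report would not show against the user.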
| Question | Answer |
|---|---|
| Do I need to allow access to my Domain Controllers from the Internet? | No, the Sinefa Probes will connect to your Domain Controllers directly from within your network. Sinefa does not connect to them from the cloud. |
| Do I need to put my 'Administrator' password into the Sinefa AD Settings? | No, using the guide mentioned above, you can create a read-only, non-Administrator user for this purpose if you prefer not to use the Administrator account. |
| How does this work? | Sinefa Probes connect to your AD Domain Controllers using remote WMI and query the server for user login events. This information provides username to IP address mapping so we can associate traffic on the network with individual users. |
| I've noticed data use being captured by the AD user that we've created to collect this information, why is that? | If the Probe is placed in a different location across the WAN from the Active Directory server, the AD queries that the Sinefa Probe sends and receives will be captured by the traffic monitoring. It is normally advised to set up the Probe as close as possible to, or in the same location as, the AD server without compromising the quality of the reporting that you would receive from the Sinefa Probe. |
| Will this put any extra load on my AD servers? | The queries we run are very small and efficient and require very few resources to run. There will be no noticeable impact even on servers managing large numbers of users. |
| How do I limit which Probes connect to my AD Servers? | Use the 'Apply to Probe(s)' parameter to limit which Probe can talk to which AD Server. |