HomeLiongardRequest a DemoKnowledge Base
Guides

Active Directory

This document provides the steps required to configure the Active Directory Inspector.

Suggest Edits

👍

Quick Details

Recommended Agent: Self-Managed
Supported Agents: Self-Managed
Is Auto-Discovered By: Active Directory
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: Endpoint Agent, CLI
Data Summary: Here

Overview

See it in Action

❗️

Operating System Support

This Inspector has limited support when run against domain controllers running Windows Server 2012 R2 or older operating systems.

📘

Windows Agent

These instructions assume that you already have a Windows Agent installed on a domain controller in the Environment (e.g., on the local network). For best results, the agent should be installed directly on a domain controller with DNS and DHCP roles installed. Other agent installation locations, such as on a server other than a domain controller or a domain controller without DNS and DHCP roles installed, may result in an incomplete data print.

For other agent deployment instructions and best practices, refer to our Agents documentation

Inspector Setup Preparation

🚧

Active Directory PowerShell Scripts

Upon activation, the Active Directory Inspector will run a series of PowerShell scripts to return data to Liongard.

Ensure your system accounts for these actions to take place by allowlisting the Agent within the applicable software, such as ThreatLocker.

Liongard Inspector Setup

Single Inspector Liongard Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Active Directory Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System should be associated to
  • Friendly Name: Suggested "Active Directory [Environment Name]"
  • Agent: Select the On-premises Agent installed for this Environment
  • Inspector Version: Latest
  • Limit Search by Organizational Units (Optional): Specify a semi-colon separated list of OU distinguished names to limit the inspection.
    • Note: This will only affect items such as Computers, Users, and Groups.
    • Leave this field blank to search all of Active Directory.
  • Trimmed Inspector Payload (Optional): Leave this blank unless you have issues with payload size. By choosing a level 1-5 with 5 being the most trimmed Data Print, you will be opting into bringing back a trimmed Inspector payload. Fore more information, please review our documentation.
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Active Directory Inspector KB and FAQs

Active Directory Inspector KB and FAQs

Inspector FAQs

Updated 8 months ago