Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Archive > 2017October31 - LEM Deletes > Using Active Directory groups in LEM rules and filters

Using Active Directory groups in LEM rules and filters

If your organization uses Microsoft Active Directory (AD) to manage users and computers, you can extend your existing directory service (DS) groups to LEM to simplify the management of LEM rules and filters. After connecting LEM to Active Directory, any changes you make in Active Directory to directory service (DS) groups will propagate to rules and filters in LEM.

The following sections explain how to integrate Active Directory and LEM for use with LEM rules and filters. To learn how to allow users to log in to LEM using their Active Directory credentials, see "Set up Active Directory authentication in LEM."

Why use directory services groups in rules and filters?

By extending directory service groups to LEM, you avoid having to maintain duplicate groups of users and computers in LEM, saving time and reducing the risk of human error. Following integration, you can white-list or black-list select Active Directory groups using LEM rules and filters.

Configure Active Directory and LEM for use with LEM rules and filters

Complete the following steps to use Active Directory user and computer accounts with LEM rules and filters:

  1. Configure the Directory Service Connector
  2. Synchronize directory service groups with LEM

Configure the Directory Service Query Connector

DS groups are only available on the LEM Managers that complete the following integration steps. If you have not yet configured the Directory Service Query Connector on the LEM Manager that will implement DS groups, do it now. Before you begin, gather the following information to configure the Directory Service Query Connector:

  • Either the IP address or fully-qualified domain name (FQDN) of the Active Directory server.
  • The domain credentials for an account that the Directory Service Query connector can use. SolarWinds recommends using a service account with a non-expiring password. This account does not need elevated privileges (such as Domain Admin privileges).

To get directory server details, open a Windows command prompt on a computer on the correct network and type nslookup.

  1. Log in to the LEM console as an administrator.
  2. Access the targeted LEM Manager.
  3. Click Manage > Appliances.
  4. Click the gear icon next to your LEM manager and select Connectors.
  5. Enter Directory Service Query in the search box on the Refine Results pane.
  6. Click the gear icon next to the master connector on the right, and select New.
  7. Complete the Directory Service Query connector form:

    1. In the Domain Name field, enter the fully-qualified domain name for your directory service server using lowercase characters.

      For example, solarwinds.com.

    2. In the Directory Service Server field, enter the IP address or hostname of your directory service server.

      SolarWinds recommends using the IP address to avoid possible DNS issues. The LEM network configurations (netconfig) allow for setting or changing the DNS server to resolve the host.

    3. Enter the domain credentials for a user account that the connector can use.

      SolarWinds recommends using a service account with a non-expiring password, otherwise you will have to manually update the connector every time the password expires. This account does not need elevated privileges. When entering domain credentials, provide only the user name.

    4. Enter the domain credentials for a user account that the connector can use.

      SolarWinds recommends using a service account with a non-expiring password, otherwise you must manually update the connector every time the password expires. This account does not need elevated privileges. When entering domain credentials, provide only the user name.

  8. When finished, click Save.
  9. Locate the new instance of the connector. The gray icon in the Status column indicates that the connector is not running.
  10. Click the gear icon next to the new connector and select Start. A green icon in the Status column indicates that the connector is running.

To test the connector settings, click the Test Domain Connection button. Test results are displayed as an alert in the SolarWinds Alerts filter. The test does not display a pop-up message.

Synchronize directory service groups with LEM

Complete these steps to select which DS groups to synchronize with LEM. The synchronization process runs every five minutes as long as the connector is running.

Before you begin, the Directory Service Query connector must be configured on LEM Manager.

  1. Log in to the LEM Console.
  2. Click Build > Groups.
  3. Click File:Success_Center/Reusable_content_-_InfoDev/LEM/010/030/button-plus(gray).png in the upper right corner of the Groups toolbar and select Directory Service Group.

    The Select Directory Service Group form opens.

  4. Select from the list the LEM Manager that will use the DS groups.
  5. Use the folder tree on the left to populate the Available Groups pane on the right. The form displays the actual contents (folders and Group categories) of your directory service system.

    Each folder contains the group categories associated with that area of your directory service. You can maximize a folder to display the group categories within the folder.

    The Available Groups section lists a different set of group categories with each folder you select. For example, clicking the Users folder displays a different set of group categories compared to the Laptops folder.

  6. Select the directory service groups that you want to import into LEM Manager.
    File:Success_Center/Reusable_content_-_InfoDev/LEM/010/030/dsgroups1.png
  7. Repeat the previous two steps until you have selected all of the groups that you want to import.
  8. Click Save.

    The system synchronizes the DS groups to LEM and adds them to the Groups grid. You can now use the DS groups with your rules and filters.

View a directory service group member in the LEM console

The Groups grid displays various LEM groups, including each Directory Service group synchronized with LEM. Select a DS group in the grid to view the members of that group in the Directory Service Group pane.

  1. Open the console and choose Build > Groups.
  2. In the Groups grid, select the Directory Service group you want to view. (Tip: To sort groups by group type, click the Type column heading.)

    The Directory Service Group pane lists the group members.

Directory services group grid columns

The Directory Services Group pane lists each computer account and user account associated with the DS group. The following table describes each grid column.

Column Description

Type

Displays an icon that shows if the group member is a user or a computer. The computer icon represents a computer account. The person icon represents a user account.

Name

The name of the group member.

Description

The description associated with the group member in directory services.

SAM Name

The account name of the member.

Principal Name

The principal name of the member.

Distinguish Name

The complete distinguished name of the member.

Email

The email address of the member.

Remove a directory service group from LEM

Directory service groups can be deleted from LEM the same as any other group. Deleting a DS group, however, does not remove the group from Active Directory. You can restore a DS group at any time.

  1. Open the console and choose Build > Groups.
  2. In the Groups grid, select the Directory Service group you want to remove. (Tip: To sort groups by group type, click the Type column heading.)

  3. Click the gear icon and choose Delete.

 

 
Last modified

Tags

Classifications

Public