Enable the Microsoft Active Directory integration
The Panorama9 agent for Windows comes with built-in Microsoft Active Directory (AD) integration. During install of the agent you can enable the integration (recommended to do on at least one machine, preferably a server).
The integration allows you to:
- Remote install the P9 agent to machines.
- Eliminate blind spots and find devices that aren't being monitored.
- Automatically import AD groups and members.
Once enabled the Panorama9 agent will silently talk with your AD domain controllers and exchange information with the Panorama9 cloud. The agent runs in the background as a service and can be started, stopped or credentials updated as with other Windows services.
Remote install the P9 agent
Just getting one machine into the Panorama9 dashboard is not very useful and walking around to however many devices you have in your network is a bit of a drag. Once the "Microsoft AD integration" is enabled, you can configure how to deploy to other machines in your network through the dashboard. Just navigating to "Manage" -> "Deployment".
The agent is silent pushed to remote machines, and without putting a strain on your network. Select the machines you wish to install on and let P9 do the magic quietly in the background. For more info see here.
Import AD groups and members
When you let Panorama9 import your AD groups and members all the work you put into structuring your AD is directly available inside the dashboard.
Groups are useful when you want particular settings to apply to many machines. Instead of typing a long list of machine names you can just use the group name. Groups are also a good way to organize your machines if there are a lot of them since you get the ability to filter Panorama9 lists by group. To see imported groups navigate to "Assets" -> "Groups". Imported AD groups are listed along with any manually and P9 automatically created groups, but marked with "AD".
When you add or remove a machine account from an AD group, it will be reflected in the Panorama dashboard. To get more info about groups and how to use them see here.
Should you wish to stop import of AD groups you just need to disable the "Manage" -> "Extensions" -> "Active Directy". You will still be able to remote install the agent and blind spot devices without the agent.