Microsoft Active Directory

Enable the Microsoft Active Directory integration

The Panorama9 agent for Windows comes with built-in Microsoft Active Directory (AD) integration. During install of the agent you can enable the integration (recommended to do on at least one machine, preferably a server).

The integration allows you to:

Once enabled the Panorama9 agent will silently talk with your AD domain controllers and exchange information with the Panorama9 cloud. The agent runs in the background as a service and can be started, stopped or credentials updated as with other Windows services.

Remote install the P9 agent

Just getting one machine into the Panorama9 dashboard is not very useful and walking around to however many devices you have in your network is a bit of a drag. Once the "Microsoft AD integration" is enabled, you can configure how to deploy to other machines in your network through the dashboard. Just navigating to "Manage" -> "Deployment"

The agent is silent pushed to remote machines, and without putting a strain on your network. Select the machines you wish to install on and let P9 do the magic quietly in the background. For more info see here.

Import AD groups and members

When you let Panorama9 import your AD groups and members all the work you put into structuring your AD is directly available inside the dashboard.

Groups are useful when you want particular settings to apply to many machines. Instead of typing a long list of machine names you can just use the group name. Groups are also a good way to organize your machines if there are a lot of them since you get the ability to filter Panorama9 lists by group. To see imported groups navigate to "Assets" -> "Groups". Imported AD groups are listed along with any manually and P9 automatically created groups, but marked with "AD".

When you add or remove a machine account from an AD group, it will be reflected in the Panorama dashboard. To get more info about groups and how to use them see here.

Should you wish to stop import of AD groups you just need to disable the "Manage" -> "Extensions" -> "Active Directy". You will still be able to remote install the agent and blind spot devices without the agent.

Last updated:

Comments

  • Avatar
    Mike Fischer

    Do you need write access?

    How exactly does this interact with a domain controller?

  • Avatar
    IT-Man

    @Mike

    No, the P9 agent requires credentials that as minimum has read access.

    The P9 agent with the AD integration enabled runs as a Windows service and talks to your domain controller(s) in the background. It's more or less doing LDAP queries (at regular intervals to avoid overloading your network).

    Collected info is sent to the Panorama9 Dashboard. You can then remote install the agent, blind spot devices without the agent and use AD groups inside the Dashboard.

  • Avatar
    Tomé Lopes

    What is the advantage of having this "option" active?
    I have the extension enable, the group created by me but I dont know how to "Enable the Microsoft Active Directory integration" has you have in your first print screen. I unistalled and installed the agent and I dont have the option for "Enable the Microsoft Active Directory integration" as you show on your first print screen. Why ?

  • Avatar
    IT-Man

    Hi Tomé

    The screenshot is from the latest version of the P9 agents. Your version has the same functionality, but the install screen may be something like "Easy Deployment".

    Once our build system has fully updated all pre-build P9 agents you can download latest version through the Dashboard.

    Best regards

    Claus Tjoerndal