Configure Active Directory Agents
Agent Requirements
Overview
When you deploy an agent, the following SQL Server changes will be attempted by the Management Server service account during deployment:
- Create a server login for the Domain Controllers (DC) group by default or the credentials supplied by the user on the Database page (db_securityadmin).
- Create user login on the Auditor database for the DC group (db_owner).
- Add the user login to the Auditor role (db_securityadmin or db_owner).
Agent Deployment Requirements
The account will need:
- Administrator access to the target host
- DBO access on the Auditor database
- Remote registry services
- DNS name resolution
Agent Service Account
The agent runs as Local System.
Deploy Active Directory Agents
After the initial installation of Cygna Auditor for Active Directory, you must deploy an agent to every domain controller (DC) on which you want to monitor Active Directory objects. The AD agent automatically collects all changes that occur in Active Directory. The events are tracked as they occur.
For full monitoring coverage, we recommend deploying an agent to every DC in your network. Otherwise, not all activity will be monitored. You can deploy an agent to any domain controller, regardless of the forest the domain controller exists in.
Do not deploy agents to read-only domain controllers (RODCs). Remove any agents previously installed on RODCs.
- Start the console.
- Expand Cygna Auditing & Security Suite.
- Expand Active Directory.
- Right-click Domain Controllers, and then select Deploy agent.
- In the Deploy Active Directory Agent dialog box, under Domain Controller Selection, select the options as follows:
  - Deploy to all domain controllers in the following domain:
    - Click the browse button, then select the domain. Click OK.
  - Deploy to the following domain controllers:
    - Click the browse button, then select the domain. Click OK.
    - Select the DCs from the Domain Controller list.
  - To deploy agents to a DC in an external forest, click Change Forest. Provide the server name or IP address for the DC. Be sure to use credentials with read rights to connect to the external forest, and then click OK.
  - Select the Install the TLS 1.2 check box to install the SQL Server Native Client driver.
- In the Deploy Active Directory Agent dialog box, under Deployment Credentials, provide the logon credentials for the remote agent deployment. This account must have administrative rights on the destination server.
  - Select Use specified credentials, and then provide the domain\username for the account. Alternatively, click the browse button to search for the user account.
  - Enter the password and click OK.
- In the Deploy Active Directory Agent dialog box, select Database to open the Database Access page.
  - Verify authentication using either SQL or Windows authentication. If you choose Windows authentication, access to the database must be granted to the agents. If you choose SQL Server, no further authentication is required.
  - The Management Server service account requires sufficient access on the SQL Server to create logins and users. If the service account does not have these rights, the AD agents will not have access to SQL Server and will remain in the Deployed or Starting status in the Management Console, although the deployment itself will still be successful.
Note: All database activity originating from the destination DC will be executed using the credentials provided on this page.
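The following T-SQL is an added example, not part of the product documentation. It checks the SQL Server changes listed in the Overview and the service-account rights described on the Database Access page. The database name `Auditor`, the group `EXAMPLE\Domain Controllers` and the account `EXAMPLE\svc-mgmt` are placeholders; the example also assumes the service account has its own server login.

```sql
-- Added example: verify the SQL Server objects that agent deployment attempts to create.
-- Placeholders (assumptions, not from the product documentation):
--   database [Auditor], DC group EXAMPLE\Domain Controllers,
--   Management Server service account EXAMPLE\svc-mgmt.
-- Run as a sysadmin: EXECUTE AS LOGIN needs IMPERSONATE on the target login.
USE [Auditor];
GO

DECLARE @dcGroup sysname = N'EXAMPLE\Domain Controllers';

-- 1. Server login for the DC group.
--    Expect one row with type_desc = WINDOWS_GROUP and is_disabled = 0.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE name = @dcGroup;

-- 2. Database user mapped to that login and every database role it holds.
--    No row means the user was never created; a NULL role means the user
--    exists but was not added to any role.
SELECT du.name AS database_user,
       r.name  AS database_role
FROM sys.server_principals AS sl
JOIN sys.database_principals AS du
       ON du.sid = sl.sid
LEFT JOIN sys.database_role_members AS m
       ON m.member_principal_id = du.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE sl.name = @dcGroup;
GO

-- 3. Can the Management Server service account create logins and users?
--    A 0 in either of the first two columns is consistent with agents
--    that stay in the Deployed or Starting status.
EXECUTE AS LOGIN = N'EXAMPLE\svc-mgmt';
SELECT SUSER_SNAME()                                              AS checked_login,
       HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN')           AS can_create_logins,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER ANY USER') AS can_create_users,
       IS_ROLEMEMBER('db_owner')                                  AS is_db_owner;
REVERT;
```

Because the DC group can end up with db_owner on the audit database, the output of query 2 is also worth keeping as a baseline for later permission reviews.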
Manage Agents
From the Domain Controllers node you can view the status of the agent and details of the DC such as OS & version, last update time, and the forest where the DC resides. You can also right-click a DC in the list and reload the settings, upgrade the agent, remove the agent, view the agent log file, restart, start, and stop the agent, and view its properties.
Uninstall and Upgrade the Agent
A restart is not required to upgrade or uninstall the agent. However, you must restart the server to ensure all files are removed after an uninstall.