Microsoft Active Directory (AD)
Overview
Active Directory (AD) is Microsoft’s directory service that stores information about users, groups, devices, and other resources in a Windows domain. It is commonly used for authentication, authorization, and centralized management in enterprise environments.
The Microsoft Active Directory adapter connects Axonius to an AD domain. It retrieves user, group, device, and organizational information to support asset inventory, correlation, and security analysis. The adapter supports LDAP, LDAPS, and Kerberos connection methods.
Use cases the adapter solves
The adapter connects to Active Directory to identify users and devices, collecting data such as group memberships, organizational units, OS type, and distribution. This helps detect unmanaged Windows systems, verify agent coverage, analyze user access, and find over-privileged or inactive accounts.
Types of Assets Fetched
Devices
Users
Groups
Domains & URLs
Organizational Units
Compute Services
Networks
Accounts/Tenants
Permissions
Data Retrieved from Active Directory
- Devices: hostname, domain, OU, trusts, site, network details (interfaces, VLANs, IPs, MACs)
- Users: username/UPN, display name, email, group memberships, OU memberships, password & logon data, account state, computed “Is Admin”
- Groups: group metadata, memberships, customized group attributes (optional)
- Permissions: user and group permissions (when Fetch Permissions via WinRM is enabled)
- Networks: AD sites and subnets (when Fetch Subnets from Sites is enabled)
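As an added example (not part of the Axonius documentation or the adapter's own code), the following shows how the user fields listed above can be turned into the inactive and over-privileged account findings described under Use cases: account state from userAccountControl bits, logon data from lastLogonTimestamp, and an admin flag from group membership. The admin group set, the 90-day threshold and the sample entries are assumptions; how the adapter itself computes "Is Admin" is not documented on this page.

```python
from datetime import datetime, timedelta, timezone
# userAccountControl bit flags as documented by Microsoft.
ACCOUNTDISABLE, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD = 0x0002, 0x0020, 0x10000
# Assumption (not stated on the page): groups whose members count as "Is Admin".
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins"}
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(filetime):
    """AD stores lastLogonTimestamp as 100-ns ticks since 1601-01-01 UTC; 0 means never."""
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10) if filetime else None
def datetime_to_filetime(dt):
    return int((dt - WINDOWS_EPOCH) / timedelta(microseconds=1)) * 10
def group_cn(dn):
    """CN of a memberOf DN such as 'CN=Domain Admins,CN=Users,DC=corp,DC=test'."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def assess_user(entry, now, inactive_days=90):
    uac = int(entry.get("userAccountControl", 0))
    last_logon = filetime_to_datetime(int(entry.get("lastLogonTimestamp", 0)))
    # lastLogonTimestamp replicates lazily (up to ~14 days), so treat it as coarse.
    inactive = last_logon is None or now - last_logon > timedelta(days=inactive_days)
    return {
        "user": entry["sAMAccountName"],
        "disabled": bool(uac & ACCOUNTDISABLE),
        "password_not_required": bool(uac & PASSWD_NOTREQD),
        "password_never_expires": bool(uac & DONT_EXPIRE_PASSWORD),
        "inactive": inactive,
        "is_admin": any(group_cn(g) in ADMIN_GROUPS for g in entry.get("memberOf", [])),
    }

def find_risky_accounts(entries, now):
    """Enabled accounts that are admin and stale/non-expiring, or need no password."""
    risky = []
    for a in (assess_user(e, now) for e in entries):
        privileged_stale = a["is_admin"] and (a["inactive"] or a["password_never_expires"])
        if not a["disabled"] and (privileged_stale or a["password_not_required"]):
            risky.append(a["user"])
    return risky

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
# Constructed sample entries shaped like LDAP search results; not real directory data.
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 512, "memberOf": ["CN=Domain Users,CN=Users,DC=corp,DC=test"],
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=3))},
    {"sAMAccountName": "svc-backup", "userAccountControl": 512 | DONT_EXPIRE_PASSWORD,
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=test"],
     "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=200))},
    {"sAMAccountName": "bob", "userAccountControl": 512 | ACCOUNTDISABLE, "lastLogonTimestamp": 0, "memberOf": []},
]
```

Running `find_risky_accounts(SAMPLE_USERS, NOW)` on the constructed entries flags only svc-backup, a privileged account that is both stale and exempt from password expiry; the disabled account is skipped.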
Before You Begin
Authentication Methods
- Service Account with username/password
- Kerberos authentication (realm-based with SASL GSSAPI)
Required Permissions
The service account used by the adapter must have the following permissions:
- Read access to the domain
- Membership in the Remote Management Users group
- Membership in the Account Operators group
- Interactive logon disabled
Related Enforcement Actions
Please refer to the Active Directory Related Enforcement Actions.
