Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Capture Client 3.0 - AD Integration - can't find it

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

I'am not running an AD but I was eager to test the new AD Integration in CC 3.0. I deployed CC on my test AD controller (W2K12 R2) but where do I define the AD groups to assign policies to them?

The release notes mentioning this:

The AD enhancements include:

  • Creating dynamic user groups based on Active Directory User Group names.
  • Creating dynamic user groups based on Active Directory OU names.
  • By default, being able to browse devices by groups and being able to easily see the devices in a specific group. 

But the management console does not allow dynamic user groups.

What am I doing wrong here?

--Michael@BWC

Category: Capture Client
Reply

Best Answer

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    found it ... so "Creating dynamic user groups based on Active Directory User Group names." actually means "Creating dynamic device groups based on Active Directory User Group names.".

    The AD "integration" is a bit rudimentary, is there some form of synchronistation planned for the future to make groups selectable? It's not very comfortable the way how it works right now. But better than nothing :)

    --Michael@BWC

  • Yes, Michael@BWC. I totally agree that this is very rudimentary at this moment. But this is just the beginning, more coming up soon.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • SuroopMCSuroopMC SonicWall Employee

    One thing to note about AD synchronization - there is actually no need to setup an LDAP/AD server, no need to plug in credentials or anything of the sort. The AD information is obtained directly from the endpoint - which is why there is no LDAP explorer per se. We believe this to be a more robust and cloud-friendly method because you cannot really setup an LDAP connection with Azure AD. So its agnostic to where your AD is - either on prem or in the cloud. But do keep the feedback coming in and we'll continue to evaluate enhancements!

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited May 2020

    Hi @SuroopMC

    I'am also testing "native" SentinelOne at the moment, it's their approach to do it. SOPHOS for example provides an AD Directory Sync service which is installed locally and transfers the AD information to the cloud backend, don't know if this works with Azure AD which you mentioned.

    One customer told me he prefers that there is NO sync at all, because he don't wanna have the AD exposed externally. So one size does not fit all, but that's ok.

    Did you guys checked this against special characters (german umlauts etc.) in group names etc? Because this is a very common drawback in global products.

    --Michael@BWC

  • ThomTurnerThomTurner Newbie ✭

    Hi @SuroopMC ,

    Does the CC client use a Group policy query like GPresult to understand what AD groups a user or computer are members off? I'd be keen to get some more detail on how capture client retrieves AD info


    Thanks,

Sign In or Register to comment.