Active Directory Agent Deployment
Before deploying the Active Directory (AD) agent, ensure all AD Agent Server Requirements have been met. To effectively monitor Active Directory, it is necessary to deploy an AD agent to every domain controller, including the read only domain controllers. However, it is possible to deploy the agents in batches. Follow the steps to deploy the AD agents to the domain controllers in the target domain.
NOTE: These steps are specific to deploying AD agents for monitoring Active Directory.
Step 1 – On the Agents tab, click Add agent to open the Add New Agent(s) window.
Step 2 – Click on the Install agents on Active Directory domain controllers link to deploy activity agents to multiple domain controllers.
NOTE: The Activity Monitor will validate the entered Host Name or IP Address entered in the Server Name text box.
Step 3 – Specify the port that should be used by the new agent(s).
Step 4 – Select the agent installation path.
RECOMMENDED: Use the default installation path.
Step 5 – On the Active Directory Connection page, enter the domain, and specify an account that is a member of BUILTIN\Administrators group on the domain. Then, click Connect.
When the connection is successful, the Next button is enabled. Click Next to continue.
NOTE: An Administrator’s credentials are required to test the connection to the server. This is the only way to enable the Next button.
Step 6 – On the Domains To Monitor page, available domains display in a list, checked by default. Check/uncheck the boxes as desired to identify the domains to monitor, then click Next.
Step 7 – On the Domain Controllers to deploy the Agent to page, available domain controllers display in a list, checked by default. Check/uncheck the boxes as desired to identify the domain controllers where the AD agent is to be deployed.
NOTE: Agents can be gradually deployed, but the AD agent needs to be installed on all domain controllers to monitor all activity of the domain.
Step 8 – Click the Test button to verify the connection to the domains selected. Once the connection is verified, click Next to continue.
Step 9 – On the Windows Agent Settings page, there are two settings to configure.
- Add Windows file activity monitoring – Select the check box to add Windows file activity monitoring after installing the agent. By default a new agent install monitors nothing. If administrators want to monitor file activity on Windows servers, it is easier to enable it after installation of the agent. Windows file activity monitoring can be enabled and configured later in the console.
- Management Group – By default, the agent only accepts commands form members of the BUILTIN\Administrators group. Less privilege accounts can be configured to manage the agent with the Management Group setting. Keep in mind that only administrators can install, update and uninstall the agent.
Step 10 – Click Finish. The Add New Agent(s) window closes, and the activity agent is deployed to and installed on the target host.
During the installation process, the status will be Installing. If there are any errors, the Activity Monitor stops the installation and lists the errors in the Agent messages box.
When the AD agent installation is complete, the status changes to Installed and the agent version populates in the AD Module column. The next step is to configure the domains to be monitored. See the Monitored Domains Tab section for additional information.
Single Activity Agent Deployment
Before deploying the activity agent, ensure all Activity Agent Server Requirements have been met, including those for NAS devices when applicable. Follow the steps to deploy the activity agent to a single Windows server.
NOTE: These steps are specific to deploying activity agents for monitoring supported target environments.
Step 1 – On the Agents tab, click Add agent to open the Add New Agent(s) window.
Step 2 – On the Install new agent page, enter the Server name (name or IP Address) to deploy to a single server. Leave the field blank to deploy the agent on the local server. Click Next.
Step 3 – On the Specify Port page, specify the port that should be used by the new agent. The default port is 4498. Click Next.
Step 4 – On the Credentials To Connect To The Server(s) page, select ether Windows or Linux file monitoring. Then, enter the User name and Password to connect to the API Server.
Step 5 – Click Connect to test the connection. If the connection is successful, click Next. If the connection is unsuccessful, see the status message that appears for information on the failed connection and correct the error to proceed.
Step 6 – On the Agent Install location page, specify the Agent installation path. The
default path is C:\Program Files\Netwrix\Activity Monitor\Agent. Click Next.
Step 7 – On the Windows Agent Settings window, configure the following options:
- Windows Activity Monitoring — Check the Add Windows file activity monitoring after installation checkbox to enable monitoring all file system activity on the targeted Windows server after installation. Alternatively, the Windows monitoring can be enabled later on the Monitored Hosts page.
- Management Group — By default, the agent only accepts commands from members from the BUILTIN\Administrators group. Less privileged accounts can be used to manage the agent with the Management group setting. Keep in mind that an administrator account must be used to install, upgrade or uninstall an agent. The value must be a domain or local security group entered in the DOMAIN\groupname format.
Step 8 – Click Finish. The Add New Agent(s) window closes, and the activity agent is deployed to and installed on the target host.
During the installation process of the agent, the status will display Installing. If there are any errors, the Activity Monitor stops the installation and lists the errors in the Agent messages box.
When the activity agent installation is complete, the status changes to Installed and the activity agent version populates. The next step is to add hosts to be monitored. See the Monitored Hosts Tab topic for additional information.