sevco.io

Microsoft Active Directory – Users

About

Microsoft Active Directory is a directory service for Windows domains to enable network authentication and authorization.

Why You Should Integrate

Integrating with a Directory Service like Microsoft Active Directory will provide visibility and increased awareness of user accounts in an environment.

How Does the Integration Work

This integration pulls user-account information from Active Directory using the LDAP protocol.

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

If you haven't already, please review our instructions for configuring the Microsoft Active Directory integration before proceeding with the instructions below.

Configuration Options

Domain

| Field | Description | Example |
| --- | --- | --- |
| Domain | Domain name, including the appropriate suffix (.com or .local) | development.acme.local |
| Exclude users marked as 'disabled' in Active Directory | By default, all users are pulled from the Active Directory domains specified. Select this option to pull only users that are not in a 'disabled' status. | n/a |

Domain Discovery

| Field | Description | Example |
| --- | --- | --- |
| Root Domain | Root domain name, including the appropriate suffix (.com or .local) | acme.local |
| Excluded Domains | A comma-separated list of domains to exclude from pulling | development.acme.local, contractor.acme.local |
| Exclude users marked as 'disabled' in Active Directory | By default, all users are pulled from the Active Directory domains specified. Select this option to pull only users that are not in a 'disabled' status. | n/a |

External Documentation

Creating credentials

You'll be asked to provide source credentials that Sevco will use to connect to Microsoft Active Directory. The following link steps you through creating an account: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/create-an-active-directory-server#add-users-and-computers-to-the-active-directory-domain

Required Permissions

The username supplied should be a standard domain user (service account) with read-only access to all computers and users in the domain.

  • Requires LDAP query permissions (enabled by default in MS AD)
  • Interactive login is not required
  • If additional restrictions are applied to a standard user/service account then please ensure it has the following permissions:
    • List content
    • Read all properties
    • Read permissions
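
A pre-flight check for the account described above, as an added example that is not part of the Sevco documentation or product. It assumes the RSAT ActiveDirectory PowerShell module is installed; `svc-sevco` is a hypothetical account name, and the LDAP filter is the standard Active Directory way to express "not disabled", not necessarily the query the integration issues.

```powershell
# Added example: verify the service account is a standard, read-only domain user
# and can run the LDAP user queries the integration depends on.
# Assumptions: RSAT ActiveDirectory module installed; names below are placeholders.
Import-Module ActiveDirectory

$Account = 'svc-sevco'                 # hypothetical service account name
$Domain  = 'development.acme.local'    # example domain from the Configuration Options table

# 1. Flag membership in well-known privileged groups.
#    Get-ADPrincipalGroupMembership returns direct memberships only, so also
#    review any nested groups it reports.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
              'Account Operators', 'Backup Operators', 'Server Operators'
$groups = Get-ADPrincipalGroupMembership -Identity $Account -Server $Domain |
          Select-Object -ExpandProperty Name
$hits = $groups | Where-Object { $privileged -contains $_ }
if ($hits) { Write-Warning "$Account is in privileged groups: $($hits -join ', ')" }
else       { Write-Output  "$Account holds no privileged group membership" }

# 2. Run the user queries as the service account to confirm LDAP read access.
$cred = Get-Credential -UserName "$Account@$Domain" -Message 'Service account password'

$allUsers = '(&(objectCategory=person)(objectClass=user))'
# userAccountControl bit 0x2 (ACCOUNTDISABLE), tested with the bitwise-AND matching rule.
$enabledOnly = '(&(objectCategory=person)(objectClass=user)' +
               '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$all     = @(Get-ADUser -LDAPFilter $allUsers    -Server $Domain -Credential $cred)
$enabled = @(Get-ADUser -LDAPFilter $enabledOnly -Server $Domain -Credential $cred)

# The two counts preview the effect of the "Exclude users marked as 'disabled'" option.
Write-Output "Users visible: $($all.Count); not disabled: $($enabled.Count)"
```

If the first count is far lower than the number of user objects in the domain, the account is likely missing List content or Read all properties on some organizational units.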

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting Suggest Edits in the upper right-hand corner of the documentation.