Domain controller polling

Expand all | Collapse all

Kaspersky Security Center supports polling of a Microsoft Active Directory domain controller and a Samba domain controller.

Kaspersky Security Center allows you to poll a Samba domain controller only by using a Linux distribution point. For a Samba domain controller, Samba 4 is used as an Active Directory domain controller.

When you poll a domain controller, Administration Server or a distribution point retrieves information about the domain structure, user accounts, security groups, and DNS names of the devices that are included in the domain.

We recommend using domain controller polling if all networked devices are members of a domain. If some of the networked devices are not included in the domain, these devices cannot be discovered by domain controller polling.

Prerequisites

Before you poll a domain controller, ensure that you allow connections to the domain controller through a firewall or a proxy server. Also ensure that the following protocols are enabled on the domain controller:

Ensure that the following ports are available on the domain controller device:

Domain controller polling by using Administration Server

You can use Administration Server to poll only a Microsoft Active Directory domain controller.

To poll a domain controller by using Administration Server:

  1. In the main menu, go to Discovery & deployment → DiscoveryDomain controllers.
  2. Click Polling settings.

    The Domain controller polling settings window opens.

  3. Select the Enable domain controller polling option.
  4. In the Advanced settings section, specify the polling scope:
    • Poll current domain

      Select this option to poll a domain to which the Kaspersky Security Center belongs.

    • Poll entire domain forest

      Select this option to poll a domain forest to which the Kaspersky Security Center belongs.

    • Poll specified domains

      Select this option to poll a domain with specified address and user credentials.

  5. If necessary, specify the polling schedule. The default period is one hour. The data received at the next polling completely replaces old data.

    The following polling schedule options are available:

    • Every N days
    • Every N minutes
    • By days of week
    • Every month on specified days of selected weeks
    • Run missed tasks

    If you change user accounts in a security group of the domain, these changes will be displayed in Kaspersky Security Center an hour after you poll the domain controller.

  6. Click Save to apply changes.
  7. If you want to perform the poll immediately, click the Start poll button.

Domain controller polling by using a distribution point

You can also poll a Microsoft Active Directory domain controller and a Samba domain controller by using a distribution point. A Windows- or Linux-based managed device can act as a distribution point.

For a Linux distribution point, polling of a Microsoft Active Directory domain controller and a Samba domain controller are supported.
For a Windows distribution point, only polling of a Microsoft Active Directory domain controller is supported.
Polling with a Mac distribution point is not supported.

To configure domain controller polling by using the distribution point:

  1. Open the distribution point properties.
  2. Select the Domain controller polling section.
  3. Select the Enable domain controller polling option.
  4. Select the domain controller that you want to poll.

    If you use a Linux distribution point, in the Poll specified domains section, click Add, and then specify the address and user credentials of the domain controller.

    If you use a Windows distribution point, you can select one of the following options:

    • Poll current domain
    • Poll entire domain forest
    • Poll specified domains
  5. Click the Set polling schedule button to specify the polling schedule options if needed.

    Polling starts only according to the specified schedule. Manual start of polling is not available.

After the polling is completed, the domain structure will be displayed in the Domain controllers section.

If you set up and enabled device moving rules, the newly discovered devices are automatically included in the Managed devices group. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.

The discovered user accounts can be used for domain authentication in Kaspersky Security Center Web Console.

See also:

Authentication and connection to a domain controller

Page top