How to Scan for Devices in Active Directory via LDAP

This lesson will explain how to discover devices in Active Directory via an LDAP Scan.  The lesson assumes that you have already installed your PAD and configured appropriate Windows credentials. See the previous lessons in this chapter if you have not done so.

Asset Vision® uses an agentless method of scanning.  Agentless scanning has the profound benefit of being non-disruptive to the configuration of your target systems.  The method we use to perform discovery is based on the creation of scanning jobs that run according to a particular schedule.  The scan jobs implement the various discovery techniques built into Asset Vision®.

Create a New Active Directory (LDAP) Devices Scan Job

Navigate to: Setup > Discovery > Scan Jobs > Manage. This data view displays all of the currently existing scan jobs.

  1. Click New at the bottom of the page to launch the Scan Job Setup Wizard.
  2. In the Selection dialog, select the Network Devices job category.
  3. In the job type: drop-down, select Devices from Active Directory (LDAP).
  4. Click OK.

1. Configure the Active Directory (LDAP) Scan Settings

In the LDAP/AD Settings section, enter:

  1. Server:  This is the address of the LDAP server, as defined using the syntax "ldap://<servername>".
  2. Search Base:  This is the location in the directory from which the LDAP search begins.
  3. Accept Self-Signed Certificate: Check this option if the LDAP scan will be using a Self-Signed Certificate.
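
A pre-flight check for the values entered in this dialog, as an added example (not Asset Vision® code): it validates the Server syntax and checks that Search Base is a well-formed distinguished name. The function names, the acceptance of ldaps://, the restriction to DC/OU/CN components and the example.test values are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# RDN types accepted in a search base (DC/OU/CN only: an assumption of this example).
_RDN = re.compile(r"^(DC|OU|CN)=.+$", re.IGNORECASE)

def split_dn(dn):
    """Split a distinguished name on commas that are not backslash-escaped."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            current, escaped = current + ch, True
        elif ch == ",":
            parts.append(current.strip())
            current = ""
        else:
            current += ch
    parts.append(current.strip())
    return parts

def check_ldap_settings(server, search_base, accept_self_signed=False):
    """Return a list of findings for the three dialog fields (empty list = none)."""
    findings = []
    url = urlsplit(server)
    if url.scheme.lower() not in ("ldap", "ldaps"):  # ldaps:// accepted by assumption
        findings.append("Server must use the ldap://<servername> syntax")
    if not url.hostname:
        findings.append("Server has no host name")
    if url.path not in ("", "/") or url.query:
        findings.append("Server should name only the host; the DN belongs in Search Base")
    rdns = split_dn(search_base)
    malformed = [r for r in rdns if not _RDN.match(r)]
    if malformed:
        findings.append("Search Base has malformed components: %r" % malformed)
    elif not any(r.upper().startswith("DC=") for r in rdns):
        findings.append("Search Base has no DC= component")
    if accept_self_signed:
        findings.append("Accept Self-Signed Certificate is on: confirm the server uses one")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    print(check_ldap_settings("ldap://dc01.example.test", "OU=Workstations,DC=example,DC=test"))
    print(check_ldap_settings("dc01.example.test", r"OU=Sales\, EMEA,example.test"))
```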

2. Select PAD

Select a PAD from the drop-down list of existing PADs. Click Next to continue.

3. Select Credentials

Add the credentials that provide the rights needed to scan successfully with the desired probes:

  1. Mark the Select credentials to be used for current scan: check box to use only the specified credentials for the current Scan Job.
    To use any available, pre-defined credentials, leave this box unchecked. The Scan Job will go through each available credential until the scan is successful.
  2. For any given credential type, click the Add (plus sign) button.
  3. In the Credential User Name dialog, select the credential or credentials required for the Scan Job. These credentials must have sufficient rights on the endpoints for the scan to succeed.
    At this point, you may also create a new Credential by clicking New. This will begin the Create a New Credential process.
    Note: It's most beneficial for the SQL scan that both the Windows Credentials and SQL Credentials be specified, as the scan incorporates two different probes returning two different sets of information.
  4. Click the Remove (minus sign) button to remove any unwanted Credentials.

4. Schedule

  1. Select the desired Scan Window, or leave as Default if you would like for the scans to run at any time. For more information see Setting up a Scan Window.
  2. Pick the desired Schedule Type for the scan job.
  3. Check Enabled if you want to enable the scan job to run as scheduled once you save and finish the wizard.
  4. Select the Time Zone and Time. Note that the time zone will be saved in GMT/UTC time.
  5. Configure remaining options (Day of week:, Run on:, Repeat every:, etc.)
  6. Click Next.

5. Review and Implement

  1. Provide a Name for the Scan Job.
  2. Review the Scan Job configuration summary. Click Back to modify any of the specified configurations.
  3. Click Save and Run to save the scan job and initiate it immediately, or Save and Finish to save the scan job and let it run at the scheduled time.