Synchronize ESET PROTECT with Active Directory

Issue

  • A synchronization task is required to sync the ESET PROTECT Virtual Appliance or ESET PROTECT for Linux with Active Directory
  • If automatic synchronization fails in ESET PROTECT for Windows Server, you can use a task to sync ESET PROTECT with your Active Directory
  • Configure communication between your ESET PROTECT Virtual Appliance and your existing Active Directory
  • The No agent icon is displayed next to the computer name and you are unable to push install

Solution


Prerequisites

For the Active Directory (AD) sync task to run effectively, it is important that all AD objects that will be synced and their corresponding DNS and reverse DNS records are correct on all servers. Any inconsistency in these items can result in an incorrect sorting of AD objects or excess AD objects being placed in the Lost and Found group.
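A pre-flight check for the DNS prerequisite above, as an added example that is not part of the original article or of ESET's tooling: it compares each computer's A record with the PTR record of the resulting address and reports the inconsistencies the prerequisite warns about. The function names, host names and addresses are constructed for illustration; the default lookups use the system resolver, while the demo substitutes inline sample records so it runs offline.

```python
import socket

def forward_lookup(name):
    """Return the set of IPv4 addresses for `name` (empty if it does not resolve)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """Return the PTR name for `ip`, lower-cased without trailing dot, or None."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:
        return None

def check_dns(hosts, forward=forward_lookup, reverse=reverse_lookup):
    """Return {fqdn: [issues]} for hosts whose forward and reverse DNS disagree."""
    problems, seen_ips = {}, {}
    for fqdn in hosts:
        name = fqdn.rstrip(".").lower()
        ips = forward(name)
        issues = [] if ips else ["no A record"]
        for ip in sorted(ips):
            ptr = reverse(ip)
            if ptr is None:
                issues.append(f"{ip}: no PTR record")
            elif ptr != name:
                issues.append(f"{ip}: PTR points to {ptr}")
            if seen_ips.setdefault(ip, name) != name:
                issues.append(f"{ip}: also used by {seen_ips[ip]}")
        if issues:
            problems[name] = issues
    return problems

# Constructed sample records (not real hosts) standing in for the DNS server.
SAMPLE_A = {
    "pc-01.corp.example": ["10.0.0.11"],
    "pc-02.corp.example": ["10.0.0.12"],   # stale PTR left from a renamed machine
    "pc-03.corp.example": ["10.0.0.11"],   # address reused from pc-01
}
SAMPLE_PTR = {"10.0.0.11": "pc-01.corp.example", "10.0.0.12": "old-pc.corp.example"}

def demo():
    hosts = list(SAMPLE_A) + ["pc-04.corp.example"]   # pc-04 has no A record
    return check_dns(hosts, lambda n: set(SAMPLE_A.get(n, [])), SAMPLE_PTR.get)

if __name__ == "__main__":
    print("\n".join(f"{h}: {'; '.join(i)}" for h, i in demo().items()))
```

To run it against live DNS, call `check_dns()` with a list of computer FQDNs exported from AD and leave the lookup arguments at their defaults.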

  1. Open the ESET PROTECT Web Console in your web browser and log in.
  2. Click Tasks > Server Tasks > Static Group Synchronization and then click New Server Task.
  3. Type a Name for your new task into the appropriate field and select Static Group Synchronization (selected by default) from the Task drop-down menu. We recommend that you select the check box next to Run task immediately after finish for the fastest response time.
  4. Click Settings and click Select under Static Group Name. Select the static group that will receive new computers and users from AD and then click OK.
    Define the synchronization behavior with AD objects:
    • Object to synchronize–select Computers and Groups or Only Computers.
    • Computer Creation Collision Handling–if the synchronization adds computers that are already members of the Static Group, you can select a conflict resolution method:
      • Skip–synchronized computers will not be added.
      • Move–new computers will be moved to a subgroup.
      • Duplicate–a new computer is created with a modified name.
    • Computer Extinction Handling–if a computer no longer exists in the AD, you can either Remove this computer or Skip it.
    • Group Extinction Handling–if a group no longer exists in the AD, you can either Remove this group or Skip it.
    • Synchronization Mode–to synchronize with the AD, select Active Directory/Open Directory/LDAP.
  5. In the Server Connection Settings section, type the following information into the corresponding fields:
    • Server–Type the Server name or IP address of your domain controller.
    • Login–Type the login credentials for your domain controller in the format username@DOMAIN or username. If you are running the ESET PROTECT Server on Windows, use the format DOMAIN\username.
    • Password–Type the password used to log in to your domain controller.
  6. Select the check box next to Use LDAP instead of Active Directory.

  7. The LDAP Parameters settings will be displayed. Under Presets, click Select and then select Active Directory.
  8. Select the check box next to Use Simple Authentication.

  9. Click Browse next to Distinguished Name. Your AD tree will be displayed. Select the top entry to sync all groups with ESET PROTECT, or select only the specific groups that you want to add. Click OK when you are finished.

  10. Click Finish. Your new task will be displayed in the list of tasks on the right and will run at the time you specified.
