Overview
This add-on loads comprehensive and detailed accounts and groups information from Active Directory environments, regarding single-domain to even the largest multiple forest / domains configurations.
It includes extraction scripts and also silos, discovery and collect files that use one LDIF file containing informations from Active Directory.
The following information will be loaded:
- Accounts, Groups, Containers and Organizational Units,
- Selected standard attributes (including userAccountControl bit-field attribute),
- Selected user-defined attributes if required.
Information is extracted from Active Directory using provided PowerShell scripts, that can be run either locally , remotely, or through an OpenICF connector.
Loaded information will feed accounts and groups tables in iGRC. Bit-field attributes are abstracted to Boolean flags ( eg. Account is locked, password has expired ) that can be readily used in your queries and analytics.
It is the foundation for all Microsoft related iGRC Add-ons (eg. Sharepoint, Exchange, Shared Folders) and Analytic Apps and can also be used to build your own reports and analytics.
Instructions for extracting data from Active Directory environment are provided in the documentation available in /library/contribs/bw_activedirectory.
What’s New
New attribute “privileged account” to replace “notnormalaccount” attribute that contains the inverted value.
Revision History
version 5.2
Adding a new option that allow to extract users HR data from active directory in a CSV file.
version 5
Adding a new attribute “privileged account” to replace “notnormalaccount” attribute (notnormalaccount contained the inverted value) who is deprecated from version 2017R3.
version 4
- Extraction scripts generates now only one LDIF file per domain instead of two.
- Optimization of extraction and collect execution time.
- Parameter added in extraction script to allow script execution with credentials other than current user session.
- Parameters added in extraction script to specify the extract file output directory, log directory and log level.
- List of custom attributes has been extended to extract up to 39 custom attributes.
- New attribute “sidhistory” is now extracted by the script.
version 3
- Supports any number of domains in the Active Directory.
- Integration and configuration has also been streamlined.
| File | Version | Minimum Product Version | Download |
|---|---|---|---|
| bw_activedirectory_5.2.11962.facet | 5.2.11962 | 2017 R3 | Login to Download |
| bw_activedirectory_5.1.11739.facet | 5.1.11739 | 2017 R3 | Login to Download |
| bw_activedirectory_4.7.1.7826.facet | 4.7.1 | 2017 R2 | Login to Download |
| bw_activedirectory_4.6.7257.facet | 4.6 | 2017 R2 | Login to Download |
| bw_activedirectory_4.5.1.7141.facet | 4.5.1 | 2017 R2 | Login to Download |
| bw_activedirectory_4.4.3.5416.facet | 4.4.3 | 2015 R1 SP2 | Login to Download |
| bw_activedirectory_4.4.3.5531.facet | 4.4.3 | 2015 R1 SP2 | Login to Download |
