Requirements
Supported Target Systems
The Active Directory domain scan tasks are supported on the following Active Directory domain versions
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
Access Settings
- Domain user credentials are required to scan the Active Directory domain.
- When reading Group Policy settings, the user should have Read permissions to all Group Policy objects.
- To obtain more detailed information about the domain controllers on the network including serial number, manufacturer and model, the user credentials must have administrator rights on the remote domain controllers.
Active Directory PowerShell Module
The agent requires that the Active Directory PowerShell module is installed.
Distributed File System
To read distributed file system namespaces and replication groups the DFS Management Tools must be installed. For more information see the DFS Management Tools section.
Group Policy Objects
To read Group Policy objects the Group Policy management console must be installed.
Windows Firewall (Run Active Directory tools locally)
When the scan method is set to Run Active Directory tools locally the following ports must be open on the domain controller.
Active Directory Web Services (TCP-In)
Required for the execution of the Active Directory PowerShell module.
mDNS (UDP-In)
This is only required when using NetBIOS names for the DFS Management Tools.
Active Directory Domain Controller - LDAP (TCP-In)
Required for LDAP connections for the DFS Management Tools and Group Policy Management Console.
Active Directory Domain Controller - LDAP (UDP-In)
Required for LDAP connections for the DFS Management Tools and Group Policy Management Console.
Windows Firewall (Connect directly to Domain Controller)
When the scan method is set to Connect directly to Domain Controller the following ports must be open on the domain controller.
Windows Remote Management (HTTP-In)
This port allows the PowerShell remoting connection on port TCP/5985.
Windows Firewall (Hosts)
To obtain more detailed information about the domain controllers on the network such as serial number and manufacturer.
Windows Remote Management (HTTP-In)
This port allows the PowerShell remoting connection on port TCP/5985.
Local Service
The Active Directory domain scan tasks do not support the local service.