To add and configure a new agent:
1. At the top of the Agent Management view, click
Active Directory, and then click
Add to launch the Agent Setup wizard.
2. On the
Prepare page, carefully read the instructions about the steps that you need to take before proceeding with the wizard.
You can either manually configure your Active Directory environment for monitoring, or download and run a script that automatically configures the Domain Controllers. To download the script, click
Script for configuring the Active Directory settings.
When done, click
Next.
3. On the
Auto-Discovery or
Manual page, indicate if you want to manually configure an Active Directory agent to monitor a single Domain Controller, or search your domain and auto-discover Domain Controllers via LDAP. Click
Next.
- If you selected Auto-discover, continue with Step 4 .
- If you selected Manual, continue with Step 6 .
4 . On the Select the Search Domain page, specify the domain to search for Domain Controllers, where Active Directory agent instances are to be created and activated.
- Domain: Type the fully qualified name (myDomain.com) of a domain to search for Domain Controllers (DCs).
- User Name: Type the user principal name of the account to be used to query Active Directory® on the selected domain.The following formats are accepted for the user principal name: myUser@myDomain.com, myUser, and myDomain.com\myUser.
- Password: Enter the password associated with the above user account.
- Enable SSL For LDAP: Selecting this check box if security LDAP is required.
Click
Next.
NOTE:
1. When selecting Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
5. On the Select Servers page, select one or more DCs that you want to monitor.
NOTE: All selected servers will use the same user credentials for access.
This page displays the following information for each DC found on the selected domain:
- Domain Controller: Displays the name of the DCs found on the selected domain.
- Active Directory Agent Exists: Indicates whether an Active Directory agent instance has already been created for a DC. A green check mark in this check box indicates that an agent instance has already been created for the DC. DCs already monitored by other Active Directory agents are unavailable for selection in the list.
Click
Next.
6 . On the
Configure Agent Properties page, review the Active Directory agent properties, and edit them, as necessary. select the agent properties, as necessary.
- Domain Controller(s): The name of the domain controller found on the selected domain.
- Communication Protocol: Selects to run the WMI query through DCOM or WinRM.
- WinRM Port: The WinRM port number on the monitored Domain Controller. This property only appears if the Communication Protocol is set to WinRM through HTTP or WinRM through HTTPS.
NOTE:
1. When setting Communication Protocol as WinRM through HTTPs, import the root certificate of the monitoring domain into FglAM keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
- LDAP Authentication Mechanism: The authentication scheme used to connect to the LDAP server: Simple (default) or Kerberos.
- Enable SSL For LDAP: Indicates if the LDAP connection is secure or not (default).
NOTE:
1. When selecting Enable SSL For LDAP, import the root certificate of the monitoring domain into both FglAM and Foglight keystore.
2. Ensure that the Subject Alternative Name of the certificate used by LDAP service includes both server FQDN and Domain name.
- Is a Virtual Host?: Indicates if the selected Domain Controller runs on a virtual host.
- Virtual Environment: The type of the virtual environment: VMware or Hyper-V. This property only appears if the selected Domain Controller runs on a virtual host.
7. On the Select the Agent Manager Host page, select the Foglight Agent Manager Host to be used for the new Active Directory agent instances.
The table displays the following Foglight Agent Manager information (same information is displayed on the Administration | Agents | Agent Hosts dashboard):
- Host Name
- Agent Manager Version
- OS Type
- OS Architecture
- The Active Directory Agent Package Deployed column indicates whether the Active Directory agent package has been deployed to the Foglight Agent Manager host(s). A green check in this column indicates that the Active Directory agent package has been deployed
NOTE: This value is not aware of a package’s version. Therefore, if you have upgraded the cartridge, you must deploy the new agent package even if this column indicates that the FglAM host already has an agent package.
- The Windows Agent Package Deployed column indicates whether the Windows agent package is already deployed to the Agent Manager host(s). A green check in this column indicates that the Windows agent package has been deployed. This column is displayed only if the selected Domain Controller runs on a physical host.
Click
Next.
8 . On the
Assign and Validate Credentials page, review the available credentials, and edit them, as necessary.
- To create a new credential, click Add host(s) to a new credential.
- In the Create New Credential and Assign dialog box, create a credential that you want to use to access the monitored resource. Type a new credential name, domain, user name, password, and lockbox, and click Submit.
- To select an existing credential, click Add host(s) to an existing credential.
- In the Select Existing Credential dialog box, select an existing credential, and click Submit.
- To bypass the prerequisites verification, select the Do not check for prerequisites check box.
Click
Next9. On the
Summary page, review the configuration settings chosen for the new agent, and its prerequisite diagnostics, including:
- Active Directory Agent: The name of the selected Active Directory agent instance.
- Windows Agent: The name of the selected Windows agent instance.
- Diagnostic Result:
NOTE: This information is displayed only when the prerequisites are checked in Step 8
- Success: The agent instance can connect to the monitored Domain Controller and collect data.
- Error: The agent instance cannot connect to the monitored Domain Controller instance and collect data. Click this link to find out what causes this error. Carefully review the information in the popup that appears in order address the problem.
Click
Finish.
The Agent Setup wizard closes. The Active Directory agent is now added and configured, and appears in the Agent Management view, on the
Administration | Active Directory tab
