Recovery Manager for Active Directory performs Active Directory recovery at any level: from individual objects and attributes to entire domains and, in the case of Recovery Manager for Active Directory Forest Edition, even Active Directory forests. IT Security Search lets you track recovery-related activity. Enabling the Recovery Manager for Active Directory data link makes it possible to list available backup states and restore objects to any of them.
NOTE: You cannot perform forest-level recovery from IT Security Search.
To start configuring the Recovery Manager for Active Directory data link, select the Connector enabled option. To set up connection to Recovery Manager for Active Directory, configure the following:
For up-to-date details about the permissions required for access to Recovery Manager for Active Directory, see the Recovery Manager for Active Directory Deployment Guide.
To make sure that you have specified valid account or accounts, click the Test connection link. This verifies that the credentials are valid and suitable for running searches. However, it does not ensure that the Active Directory access account can perform recovery operations.
Active Roles simplifies and streamlines creation and ongoing management of user accounts, groups and other objects in Active Directory. Generally, whenever you are looking for an answer to the question “What is known about this user or group?” in IT Security Search, the data can be provided by Active Roles.
Active Roles brings information about the following:
To start configuring the Active Roles data link, select the Connector enabled option. To set up connection to the Active Roles server, configure the following settings:
To verify that your Active Roles server access works, click the Test Connection link.
Finally, click Apply.
Caution: For the connection to the Active Roles server to work, make sure that port 15172 is opened for both inbound and outbound traffic on that server.
Management history synchronization between IT Security Search and Active Roles does not happen directly. IT Security Search uses its own “warehouse” component as an intermediary data store. The first synchronization can take a long time, because all available history has to be processed. After that, synchronization involves only the most recent data.
IT Security Search Warehouse receives and stores data that is forwarded by data-providing systems. At this time, only Enterprise Reporter supports forwarding of data to IT Security Search.
To start configuring the Warehouse data link, select the Connector enabled option. However, most of the configuration occurs on the pushing end.
The next push will occur after the next Enterprise Reporter discovery.
If you use the Active Roles connector, then IT Security Search Warehouse is used for storing Active Roles management history and searching in it. For that data, it doesn't matter if your Warehouse connector is enabled.
The Splunk connector retrieves searchable data from Splunk.
The connector has the following minimal configuration options:
One additional setting that you may want to configure is the number of retrieved Splunk results. By default, Splunk returns 50,000 objects, whereas IT Security Search shows 100,000 per page. To make these limits consistent, take the following steps:
A predefined Splunk-to-IT Security Search field mapping is provided out of the box. If you find that this mapping doesn't suit you, call Quest Support. This will help improve Splunk integration for you and everyone else.