Using the AD Rapid Discovery Workload
This feature is currently available only to customers participating in a private preview. If you'd like to participate to be among the first to try this feature, ask our support or account team for details.
AD Rapid Discovery maintains continuous synchronization between Active Directory (AD) and the Delinea Platform. The Windows Server Manager can be used to change computer properties within AD. Any changes made to computers in AD trigger real-time synchronization through AD Rapid Discovery to the Server Suite Agent, and the changes appear on the Delinea Platform. Changes to the computer where AD Rapid Discovery is running appear in the Inventory page of the platform after synchronization.
The default synchronization frequency is every five minutes. You can configure the synchronization frequency.
Deployment
The AD Rapid Discovery workload can be installed and run on any domain joined machine. This page gives details about how to set up the workload.
Editing AD Rapid Discovery Settings
To execute the AD Rapid Discovery workload, a Service account must be selected. Use the following steps to add the account. You will only see accounts for which you have permissions.
You can also use these steps to adjust the refresh interval.
-
Open the Engine management page (use the Search bar to find it).
-
Select a site.
-
Click the Settings tab.
-
In AD Rapid Discovery, click Edit.
-
You can make the following settings:
-
AD Rapid Discovery Domain Admin Account: This account is used to run AD Rapid Discovery.
-
Type a new value for the frequency at which AD Rapid Discovery synchronizes with AD, and click Save.
-
| Setting | Description |
|---|---|
| AD Rapid Discovery Domain Admin Account | This account is used to run AD Rapid Discovery. You can use a Domain Admin Account or an AD account that has the permissions described later in this page, in Setting AD Rapid Discovery Account Permissions. |
| Synchronizes with AD | Time interval (in minutes) between times when the AD Rapid Discovery workload uploads any new data from AD to the platform. |
Setting AD Rapid Discovery Account Permissions
On the server where you will install the AD Rapid Discovery workload, define a service account for AD Rapid Discovery, then configure the account with local server permissions and domain permissions.
Local Server Permissions
With local permissions on the server where the AD Rapid Discovery workload will be installed, the AD Rapid Discovery service account can run the setup for AD Rapid Discovery.
The local server permissions must include the Log on as a batch job permission and the Log on as a service permission.
To assign the required logon permissions:
-
Select Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
-
Select the Log on as a batch job permission and the Log on as a service permission.
-
On the Local Security Setting tab, click Add User or group.
-
Navigate to and select the AD Rapid Discovery service account to apply the permissions.
Domain Permissions
The AD Rapid Discovery workload requires the AD permission Replicating Directory Changes All. This permission must be granted to the AD Rapid Discovery service account on the root domain node.
In the Permissions section of the Windows Permission Entry dialog, select the checkbox for Replicating Directory Changes All.
