https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232292#M44832 <P>Hi, all!</P><P>Does it is normal to get user/IP associations using both AD Query and Identity Collector&nbsp;<SPAN>simultaneously, or better choice is to choose one?</SPAN></P> Mon, 11 Nov 2024 09:00:38 GMT Padre__ 2024-11-11T09:00:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232292#M44832 <P>Hi, all!</P><P>Does it is normal to get user/IP associations using both AD Query and Identity Collector&nbsp;<SPAN>simultaneously, or better choice is to choose one?</SPAN></P> Mon, 11 Nov 2024 09:00:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232292#M44832 Padre__ 2024-11-11T09:00:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232327#M44840 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/119365">@Padre__</a>&nbsp;</P> <P>In short: Use Identity Collector. It is much more safe, an this is the preferred method.</P> <P><EM>In the October 2022 Windows update (<A href="https://support.microsoft.com/en-us/topic/october-11-2022-kb5018411-os-build-14393-5427-a59be55a-b368-4284-a643-28fc0b9b8314" target="_blank" rel="noopener">KB5018411</A>/&nbsp;<A href="https://support.microsoft.com/en-us/topic/october-11-2022-kb5018419-os-build-17763-3532-ca62cca7-b599-44c4-a2a6-347996662623" target="_blank" rel="noopener">KB5018419</A>), Microsoft made changes to read privileges that affect AD Query from an Identity Awareness Gateway to a DC. If AD Query is configured for a DC user who is not an admin (see&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk93938" target="_blank" rel="noopener">sk93938</A>), AD Query cannot access the DC. For customers with such a configuration, Check Point recommends to use Identity Collector as the Identity Source instead of AD Query. For more information and workaround procedures, see&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk180232" target="_blank" rel="noopener">sk180232</A>.</EM></P> <P><EM><A href="https://support.checkpoint.com/results/sk/sk60301" target="_blank">https://support.checkpoint.com/results/sk/sk60301</A></EM></P> <P>Akos</P> Mon, 11 Nov 2024 14:04:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232327#M44840 AkosBakos 2024-11-11T14:04:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232331#M44841 <P>Identity Collector is preferred and is better performing than Adquery.</P> Mon, 11 Nov 2024 14:27:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232331#M44841 Chris_Atkinson 2024-11-11T14:27:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232703#M44972 <P><EM>AD Query and Identity Collector conflict and should not be used as the identity connector for the same gateway. Events may arrive out of sync and the same event may be observed multiple times, leading to unpredictable results</EM><BR /><BR /><A href="https://www.checkpoint.com/downloads/products/cp-identity-awareness-reference-architecture-best-practices.pdf" target="_blank">https://www.checkpoint.com/downloads/products/cp-identity-awareness-reference-architecture-best-practices.pdf</A></P> Thu, 14 Nov 2024 10:53:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Both-AD-Query-and-Identity-Collector/m-p/232703#M44972 CheckPointerXL 2024-11-14T10:53:27Z