SAROU237
Explorer

Difference between AD query and User Directory

Hello,

In the "Identity Awareness" software blade, I don't understand the difference between:

- AD QUERY
- USER DIRECTORY

The 2 of them get identity data from Active Directory. So what is the difference?

PhoneBoy
Admin

User Directory is a legacy feature that is tied with LDAP.
Recommend reading this thread for more background: https://community.checkpoint.com/t5/General-Topics/User-Directory-vs-Identity-Awareness/m-p/21862#M4... 

AD Query is one of the many methods used for acquiring identities.
Specifically, it subscribes to a given Active Directory server over WMI and receives specific types of events correlated with a user login.
Others include:

  • Identity Collector, which is far more scalable than AD Query
  • Identity Agents (including MUH for terminal servers)
  • Captive Portal
  • RADIUS Accounting
  • Identity Awareness API (allows integration with third party systems)

Note that in all cases, this only achieves an IP to username mapping.
To get the actual groups associated with a given user, an LDAP query from the gateway is used. 
