MarkWeber
Employee

Unable to deactivate Active Directory Query

Hi Experts,

From the very beginning, Active Directory Query has been configured using the Mobile Access Wizard.

Nowadays I'm using the Identity Collector and want to get rid of the Active Directory Query configuration and the LDAP Account unit (checkpoint.lab__AD).

When I open the LDAP account unit and open “Where Used”, I see it’s only used in the gateway configuration.

On the gateway object the option “Active Directory Query” is greyed out, so I cannot deactivate this option.

When I open the settings, remove the LDAP Account Unit (checkpoint.lab__AD) and click OK, the following warning is displayed.

And when clicking OK, “Domain to query is not selected” will be displayed, so there is no option to deactivate Active Directory Query at this point.

Any suggestions on how to deactivate Active Directory Query?

I have tried several options but without success.

0 Kudos
8 Replies
G_W_Albrecht
Legend

If you disable the IA blade and then enable it again, the Mobile Access Wizard will let you enable IA without AD Query.

CCSE CCTE CCSM SMB Specialist
MarkWeber
Employee

No, it is also greyed out in the wizard.

0 Kudos
Timothy_Hall
Champion

There is probably still a reference to the AU object in the Mobile Access Blade in the SmartDashboard; I don't think Where Used will show references in the legacy SmartDashboard, so I suspect that's why it is greyed out everywhere in SmartConsole. Try poking around in the legacy SmartDashboard.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend

I had that exact issue before and I solved it by removing some IA references in GuiDBedit for AD. Can't recall what, but will update if I find out.

0 Kudos
MarkWeber
Employee

Thanks!! 

0 Kudos
PhoneBoy
Admin

0 Kudos
Royi_Priov
Employee

Hi @MarkWeber ,

This probably happens because you have Identity Logging enabled on the "Management" tab.

Identity Logging is basically the same as AD Query, but runs on the mgmt side to enrich the management logs, without any enforcement abilities.

As for your specific issue, please disable Identity Logging on the mgmt tab first, and afterwards disable AD Query.

A general note for all Identity Awareness customers who are using AD integration such as AD Query and Identity Collector: there is no need to enable Identity Logging in addition to that. One of the Identity Awareness targets is anyhow to enrich the management logs, together with enforcing traffic according to identities. It means, in other words, that ADQ / IDC will do logging + enforcement while Identity Logging is doing only logging.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
MarkWeber
Employee

Hi Royi,

You're the EXPERT!!! That was the solution: I disabled the Identity Logging feature and now I'm able to disable AD Query.

Thanks a lot.

 

0 Kudos
