Hi @Padre__
In short: Use Identity Collector. It is much safer, and this is the preferred method.
In the October 2022 Windows update (KB5018411/KB5018419), Microsoft made changes to read privileges that affect AD Query from an Identity Awareness Gateway to a DC. If AD Query is configured for a DC user who is not an admin (see sk93938), AD Query cannot access the DC. For customers with such a configuration, Check Point recommends using Identity Collector as the Identity Source instead of AD Query. For more information and workaround procedures, see sk180232.
https://support.checkpoint.com/results/sk/sk60301
Akos
----------------
\m/_(>_<)_\m/