- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Objects based on AD domain info
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Objects based on AD domain info
We have just created an AD trust with a partner company. Their AD domain is called "trusted.local". We use our local AD domain "trusting.local" on our CP gateways for identity awareness functionality.
I am looking for a way to identify end users in the "trusted.local" AD domain based on the UPN suffix "trusted.local". Something akin to "*@trusted.local" - I then want to be able to put them in an object that can be used in gateway policy as a source or destination..
Any ideas? Thanks
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In order to see identities from another AD server; you’d have to configure Identity Collector to poll that AD server.
This is because to associate a user with an IP, we need to see the Security Logs from AD showing the user login.
Also, there would need to be an LDAP Account Unit defined for the relevant LDAP Branch.
Whether the partner will give you the necessary access to do that is a separate question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In order to see identities from another AD server; you’d have to configure Identity Collector to poll that AD server.
This is because to associate a user with an IP, we need to see the Security Logs from AD showing the user login.
Also, there would need to be an LDAP Account Unit defined for the relevant LDAP Branch.
Whether the partner will give you the necessary access to do that is a separate question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Phoneboy explained it perfectly.
Andy
