This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin
‎2023-07-06 11:42 AM
In response to Matlu

I would not do ANY new deployments with AD Query at this point.
First of all, AD Query causes additional load on the AD server.
With 4k users, this might be noticeable.
Second, due to various security vulnerabilities in WMI, Microsoft has and continues to make changes, some of which have broken AD Query.
Currently, using fully patched AD servers, AD Query can only be implemented using an account with Domain Admin credentials.

Meanwhile, Identity Collector:

  • Is significantly more scalable
  • Only requires an account that can read Security Logs from Active Directory
  • Is the recommended solution
(1)
Who rated this post