Running an Active Directory Scan
After a gateway is first installed, you can use the Scan Active DirectoryMicrosoft's Active Directory is a service that stores and manages network-based entities such as applications, files, printers, and people. option to scan the network for computers that are not audited. For information about gateways and how to install them see Managing Gateway Settings.
Before performing the Active Directory scan, make sure to open the network ports for the gateway to communicate effectively with the domain controller. In your firewall settings for the service, enter port 53, and select the option UDP (for DNS) or TCP protocol. To manually open ports in your Internet connection firewall, refer to operating system help. |
Scan the Network for Computers Not Being Audited
1. | Log in to the Service Desk Console as a Discovery Manager and choose the Gateway tab. |
2. | Click Scan Active Directory. |
3. | At the prompt, click Yes. An agent task for the gateway is created. After the gateway receives the task, the scanning process starts. |
When the scan finishes, the computers that are not audited are listed. The following types of machines are discovered: CI.Workstation and CI.Server.
After the agent is deployed, as described in Deploying Agents to Other Computers, types of CI.VirtualWorkstation and CI.VirtualServer are detected. |
If the system does not detect the configuration item type or operating system, it is identified as an unknown device. See View Discovered Assets and Change the Type.
When a configuration item is discovered, the Discovery Method field is populated in the Audit Detail section of the Details tab, as shown:
Apart from the Active DirectoryMicrosoft's Active Directory is a service that stores and manages network-based entities such as applications, files, printers, and people. scan, the other discovery methods are SCCM, LanProbe, Netscan, remote, user created, self registered (for gateway and client installations), and terminal sessions.
From time to time, computers might be added to the network. If LanProbe is enabled, new computers are discovered automatically. If LanProbe is not enabled, you must run another Active Directory scan in order to discover them.
After you generate a list of computers that are not audited, you can manage these computers by deploying an agent to them (see Deploying Agents to Other Computers) or by auditing them remotely (see About Running Agentless Audits).