Configure Microsoft Active Directory Connection

A Microsoft Active Directory connection securely stores reusable authentication credential information for integrations with Microsoft Active Directory.

To create the Microsoft Active Directory connection, Alert Logic requires the following information about your Microsoft Active Directory:

  • Host—Hostname or IP address of the Active Directory that you want Alert Logic to access.
  • Base DN—Distinguished name of the Active Directory domain. The distinguished name has the format DC=alertlogic,DC=com, rather than that of a domain name like alertlogic.com.
  • User and password—Credentials of the user account that Alert Logic uses to log in to Active Directory. Alert Logic recommends that you set up a dedicated user, rather than use one that is shared by human users or other software integrations.

This connection also requires an Alert Logic IDS appliance. You specify a network where the appliance is located, and Alert Logic chooses the appropriate appliance to connect to the specified hostname or IP address. Choosing the network instead of a specific appliance prevents you from needing to update the connection as appliances are added to or removed from the network. The IDS appliances in the selected network must be able to connect to your Microsoft Active Directory using the TCP port selected, 389 by default. Any routing, network segmentation, cloud security groups, and other network access controls must allow outbound communication from all IDS appliances in the selected network to your Active Directory.

Alert Logic provides the following steps to help you create the connection. For further questions about the steps performed in Microsoft Active Directory, contact Microsoft support.

  1. Create the Microsoft Active Directory connection from the Alert Logic console
  2. Use the connection

To integrate with Microsoft Office 365, use the Microsoft Azure connection. For more information, see Configure Microsoft Azure Connection.

Create the Microsoft Active Directory connection from the Alert Logic console

The first step is to create the Microsoft Active Directory connection in the Alert Logic console.

To create a Microsoft Active Directory connection:

  1. In the Alert Logic console, click the navigation menu icon, click Configure, and then click Connections.
  2. On the Connections page, click the add icon, and then click Microsoft Active Directory.
  3. On the Create a Microsoft Active Directory Connection page, type a descriptive name for the connection (example: Microsoft Active Directory Connection).
  4. In Host, type the hostname or IP address of the Microsoft Active Directory that you want to connect to.
  5. In Port, leave the default port number 389 for incoming connection requests, or change it if you have a custom configuration.
    If you select the Use TLS check box, Alert Logic ignores the port number specified and uses the TLS port number 636 automatically.
  6. If you want to require SSL with TLS for establishing a connection to Microsoft Active Directory, select the Use TLS check box. If the check box is cleared, Alert Logic verifies SSL certificates for requests it makes to Active Directory but does not use TLS to encrypt the requests.
  7. In Base DN, enter the distinguished name of the Active Directory domain (example: DC=my-ad,DC=mycompany,DC=net).
  8. In User, enter the username of the administrative account that Alert Logic uses to log in to your Active Directory (example: Alert_Logic_Intelligent_Response).
  9. In User password, enter the password for the specified user.
  10. In Network ID, select the network that contains an Alert Logic IDS appliance that can connect to your Microsoft Active Directory.
  11. Click SAVE.
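
Before you save, you can sanity-check the values for Host, Port, Use TLS, Base DN, and User with a short script. The following is an added example, not Alert Logic code: the function names and sample values are hypothetical, the Base DN check is a simplified pattern rather than a full RFC 4514 parser, and the reachability test only reflects the appliance's view if you run it from a host in the same network as the IDS appliances.

```python
import re
import socket

# One RDN of a base DN, e.g. DC=alertlogic (simplified check, not full RFC 4514).
RDN = re.compile(r'^(DC|OU|CN)=[^,=+<>#;\\"]+$', re.IGNORECASE)

def domain_to_base_dn(domain):
    """Convert a DNS domain name to the Base DN form the page asks for."""
    labels = [p for p in domain.strip().split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + p for p in labels)

def effective_port(port, use_tls):
    """Per the page, Use TLS ignores the Port field and uses 636."""
    return 636 if use_tls else port

def check_settings(host, base_dn, user, port=389, use_tls=False):
    """Return (level, message) findings for the values typed into the form."""
    findings = []
    if not host.strip():
        findings.append(("error", "Host is empty"))
    if not user.strip():
        findings.append(("error", "User is empty"))
    rdns = [p.strip() for p in base_dn.split(",")]
    if not all(RDN.match(p) for p in rdns):
        hint = ""
        if "=" not in base_dn and "." in base_dn:  # a domain name was entered
            hint = "; expected " + domain_to_base_dn(base_dn)
        findings.append(("error", "Base DN is not a distinguished name" + hint))
    elif not any(p.upper().startswith("DC=") for p in rdns):
        findings.append(("error", "Base DN has no DC= component"))
    if use_tls and port not in (389, 636):
        findings.append(("warning", f"Port {port} is ignored; Use TLS uses 636"))
    if not use_tls:
        findings.append(("warning", "Use TLS is cleared: requests are not TLS-encrypted"))
    return findings

def can_reach(host, port=389, use_tls=False, timeout=3.0):
    """TCP connect test; meaningful only from the IDS appliances' network."""
    try:
        with socket.create_connection((host, effective_port(port, use_tls)), timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    for finding in check_settings("dc01.example.net", "example.net", "svc_alertlogic"):
        print(finding)
```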

Use the connection

After you save the connection, you can use it for the simple response Microsoft Active Directory: Disable User.

Manage connections

You can view the list of connections and edit or delete an existing one. For more information, see Manage Connections.