Faddom connects to your Active Directory servers to populate the User Inventory, allowing you to identify which users are accessing which servers and assisting with AD management. The interface lets you view your groups and their members while highlighting any empty groups. This functionality helps streamline Active Directory management by facilitating group cleanup and offering valuable insights such as identifying the top users per server and tracking which users are accessing your applications via the Client icon on maps.
To use this feature, Faddom requires access to your Active Directory. If Faddom is deployed on Linux (via OVA or the Cloud Marketplace), a Windows Proxy is required to perform this task. Follow the guide How to Setup the Faddom Proxy to configure this. This step must be completed before configuring the Active Directory connection. If you already have a proxy set up for another feature such as Software Discovery, you can use the existing proxy without needing an additional one.
Setting Up Discovery
Navigate to Settings > User Discovery
Click Add Active Directory Domain
Add the required details. You will need to do this per domain if you have multiple domains.
The user account you provide needs to be a member of the Event Log Readers Group, as Faddom gathers information via the AD Event Log. Protected Accounts cannot be used due to Microsoft restrictions, even if the account is a Domain Administrator.
When configuring the domain, you can enable Detect DCs Automatically to have Faddom resolve the domain name and get a list of domain controllers. Alternatively, you can specify which domain controllers to connect to manually. Toggle Enable Discovery on to populate the user data.
Discovery Schedule
You can configure when User Discovery runs by setting a schedule below the domain configuration. Faddom supports time-based intervals including every 10 minutes, 30 minutes, or custom intervals. This is particularly useful in environments where Active Directory logs are wiped frequently, allowing you to capture user activity before the logs are cleared.
Ports 135 and 445 need to be opened from the Faddom proxy to the domain controllers. For more information, see What ports need to be open for Faddom to function?
Once added, you will see a list of configured domains. You can use the Edit icon to modify the details or the Delete icon to remove the connection.
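The prerequisites described above (Event Log Readers membership, no protected account, ports 135 and 445 open from the proxy to the domain controllers) can be checked before enabling discovery. The following PowerShell script is an added example, not part of Faddom or its documentation. It assumes the RSAT ActiveDirectory module is installed on the proxy, uses placeholder domain and account names, and treats "Protected Accounts" as membership of the Protected Users group.

```powershell
#Requires -Modules ActiveDirectory
# Added example: prerequisite check to run on the Faddom Windows proxy.
# The default parameter values are placeholders, not values from the Faddom guide.
param(
    [string]$Domain         = 'corp.example.com',
    [string]$ServiceAccount = 'svc-faddom'
)

# Find the domain controllers from the DC locator SRV records in DNS.
# (This example's own lookup; it is not necessarily how Faddom detects DCs.)
$dcs = @(Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$Domain" -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique)

# Ports 135 and 445 must be reachable from the proxy to each domain controller.
$portResults = foreach ($dc in $dcs) {
    foreach ($port in 135, 445) {
        $probe = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $port; Open = $probe.TcpTestSucceeded }
    }
}
$portResults | Format-Table -AutoSize

# The account must be in Event Log Readers (well-known SID S-1-5-32-573).
# Assumption: "Protected Accounts" means members of the Protected Users group.
$user      = Get-ADUser -Identity $ServiceAccount -Server $Domain
$readers   = Get-ADGroupMember -Identity 'S-1-5-32-573' -Recursive -Server $Domain
$protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive -Server $Domain

$checks = [pscustomobject]@{
    Account           = $user.SamAccountName
    AllPortsOpen      = ($dcs.Count -gt 0) -and -not ($portResults.Open -contains $false)
    InEventLogReaders = $readers.SID.Value -contains $user.SID.Value
    InProtectedUsers  = $protected.SID.Value -contains $user.SID.Value
}
$checks | Format-List

# Exit code 0 only when every prerequisite from the guide is met.
if ($checks.AllPortsOpen -and $checks.InEventLogReaders -and -not $checks.InProtectedUsers) {
    exit 0
}
exit 1
```

Run it from the proxy host rather than an admin workstation, since the port requirement applies to traffic originating from the proxy.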
Viewing the Results
Inventory
You can see users and groups in the Faddom Inventory by selecting Users or Groups and opening the properties of the relevant Active Directory object. Expand groups to see the users in each group, and click on a user to see which other groups they belong to. Faddom also shows you which users have higher permissions (such as domain admin) as well as any empty groups in your AD.
Search
You can use the Search function to search by user. Enter a username and it will begin to autofill. Selecting a username will show which servers and applications that user has accessed, as well as when the login occurred.
Server Properties
You can also see user information on the Security tab in Server Properties. Open a server from a map or a search result, or use the properties icon in any list view. Expand the properties and click the Security tab to view the Security Dashboard for that server. You will see a list of users, and clicking on one will open the User Profile.
User Profile
The User Profile contains two tabs. User Activity shows the applications and servers the user accessed. User Details shows the details recorded in Active Directory, including name, email address, location, groups, and manager.




