Skip to main content
User Discovery
Alex Patnick avatar
Written by Alex Patnick
Updated over 2 months ago

Faddom has the ability to connect to your Active Directory servers and determine which users are accessing which servers. Using this information, Faddom can show you information such as the top users connecting to a server and which servers individual users are connecting to.

Using the feature requires access to Active Directory and requires a Windows Proxy to perform the task. To install the proxy, you can follow How to Setup the Faddom Proxy. This needs to be done prior to setting up the Active Directory connection, however, if you already have one setup, you do not need a second one for this task.

Setting Up Discovery

      1. Go to Settings > User Discovery



      2. Click Add Active Directory Domain

      3. Add the required details. If you have multiple domains, you will need to do this per domain.

          • The user you wish to use needs to be a member of the Event Log Readers Group as the information is gathered via the AD Event Log

          • Detect DCs Automatically - Faddom will try to resolve the domain name to get a list of domain controllers. Alternatively, you can specify which domain controllers to connect to manually.

          • Enable Discovery - To populate this data, this should be toggled on.

          • Ports 135 and 445 need to be opened from the Faddom proxy to the domain controllers. See What ports need to be open for Faddom to function. for more information see What ports need to be open for Faddom to function?

      4. Once added, you will be presented with a list of domain(s)added. You can use the Edit

        mceclip11.png

        icon amend the details or the Delete icon to remove the connection.

Viewing the Results

There are two ways to see the information. You can use the Search function to search by user. Performing this search will show which servers and applications a user has accessed, as well as when the login occurred.

You can also see the results of what Faddom is found by navigating to the Security tab by going to the Server Properties

  1. Click on a server from a map, search, or click on the properties icon - from any list view

  2. Click to expand the properties

  3. Click on the Security tab where you will be presented with the information

  4. You will see the Security Dashboard

    user discovery.gif
Did this answer your question?