Faddom has the ability to connect to your Active Directory servers and determine which users are accessing which servers. Using this information, Faddom can show you information such as the top users connecting to a server and which servers individual users are connecting to.
Using this feature requires access to Active Directory and a Windows Proxy to perform the task. To install the proxy, follow How to Setup the Faddom Proxy. This needs to be done before setting up the Active Directory connection; however, if you already have a proxy set up, you do not need a second one for this task.
Setting Up Discovery
Go to Settings > User Discovery
Click Add Active Directory Domain
Add the required details. If you have multiple domains, you will need to do this per domain.
The user you wish to use needs to be a member of the Event Log Readers group, as the information is gathered via the AD Event Log.
Detect DCs Automatically - Faddom will try to resolve the domain name to get a list of domain controllers. Alternatively, you can specify which domain controllers to connect to manually.
Enable Discovery - To populate this data, this should be toggled on.
Ports 135 and 445 need to be opened from the Faddom proxy to the domain controllers. For more information, see What ports need to be open for Faddom to function?
Once added, you will be presented with a list of the domain(s) added. You can use the Edit icon to amend the details or the Delete icon to remove the connection.
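The prerequisites above (Event Log Readers membership, and ports 135 and 445 reachable from the proxy to each domain controller) can be checked from the Windows proxy before adding the domain. The script below is an added example, not part of Faddom or its documentation. It assumes the RSAT ActiveDirectory module is installed on the proxy, and it locates domain controllers through the standard DC locator SRV record, which is not necessarily how Faddom resolves them. The domain and account names are placeholders.

```powershell
# Added example (not Faddom code): pre-flight check run on the Windows proxy.
# Placeholder values below are constructed; replace them with your own.
$Domain         = 'corp.example.com'   # placeholder AD domain name
$ServiceAccount = 'svc-faddom'         # placeholder sAMAccountName of the discovery user
$Ports          = 135, 445             # ports the page requires from proxy to DCs

# Assumption: find DCs via the standard DC locator SRV record for the domain.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object Section -eq 'Answer' |
    Select-Object -ExpandProperty NameTarget -Unique

# Test every required port from this host to every domain controller.
$portResults = foreach ($dc in $dcs) {
    foreach ($port in $Ports) {
        $probe = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Reachable        = $probe.TcpTestSucceeded
        }
    }
}
$portResults | Format-Table -AutoSize

# Confirm the discovery user is in Event Log Readers, directly or through a nested group.
Import-Module ActiveDirectory -ErrorAction Stop
$members  = Get-ADGroupMember -Identity 'Event Log Readers' -Server $Domain -Recursive
$isMember = @($members.SamAccountName) -contains $ServiceAccount
"{0} is a member of Event Log Readers: {1}" -f $ServiceAccount, $isMember

# Summarise: list blocked paths and signal failure through the exit code.
$blocked = @($portResults | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("Unreachable: " + (($blocked | ForEach-Object { "$($_.DomainController):$($_.Port)" }) -join ', '))
}
if (-not $isMember) {
    Write-Warning "$ServiceAccount cannot read the AD Event Log until it is added to Event Log Readers."
}
if ($blocked.Count -gt 0 -or -not $isMember) { exit 1 }
```

If you specify domain controllers manually instead of using Detect DCs Automatically, replace the SRV lookup with that same list so the check covers exactly the hosts the proxy will contact.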
Viewing the Results
There are two ways to see the information. You can use the Search function to search by user. Performing this search will show which servers and applications a user has accessed, as well as when the login occurred.
You can also see the results of what Faddom has found by going to the Server Properties and navigating to the Security tab.