
Active Directory V2


Version: 2.2
Updated: Dec 19, 2023

Utilize user, group, and system information from Active Directory.

Actions

  • Get System Attributes (Enrichment) - Gather system attributes.
  • Get User Attributes (Enrichment) - Gather user attributes.
  • Group Attributes (Enrichment) - Gather group attributes.
  • List Users Groups (Enrichment) - Gather user's groups.
  • Create User (Containment) - Create a new user.
  • Reset Password (Containment) - Reset a user's password.
  • Set Password (Containment) - Set a new password.
  • Set User Attributes (Containment) - Set a system's attribute.
  • Set User's Attributes (Containment) - Set a user's attributes.
  • Change System OU (Containment) - Change a system's organizational unit (OU).
  • Enable User (Containment) - Enable a user account.
  • Disable User (Containment) - Disable a user's account.
  • Remove Users From Groups (Containment) - Remove users from AD group.
  • Get Groups Members (Containment) - Retrieve users from AD group.
  • Add Users To Groups (Containment) - Add a user to a group.

Notes

Compatibility notice:

  • LDAP over TLS works only on the secure ports (636, 3269), whereas STARTTLS works only on the non-secure ports (389, 3268).
  • LDAP over TLS requires the CA certificate of the Active Directory in Base64-encoded format.

External Libraries

Active Directory V2 configuration

Prerequisites

  • An Automation Bridge installation.
  • A Microsoft Windows Server with Active Directory Domain Services (AD DS) configured.

Setting up Microsoft Windows Server (optional)

If an existing Windows Server is not available, follow these steps to set up a new one in AWS:

  1. Create a Microsoft Windows Server 2019 Instance on AWS.
    1. Launch a new AWS EC2 instance.
    2. Choose Microsoft Windows Server 2019 Base as the AMI.
    3. Configure instance settings (for example, instance type, storage, security groups).
    4. Assign a key pair for secure access.
    5. Deploy the instance and wait for it to be fully initialized.
  2. Configure the Windows Server.
    1. Connect to the instance using Remote Desktop Protocol (RDP).
    2. Once logged in, open Server Manager.
  3. Install Active Directory Domain Services (AD DS).
    1. In Server Manager, select Add roles and features.
    2. Choose Role-based or feature-based installation.
    3. Select the Active Directory Domain Services (AD DS) role.
    4. Proceed with the installation and wait for it to complete.
  4. Promote the server to a domain controller.
    1. After installation, navigate to Server Manager > AD DS.
    2. Click on Promote this server to a domain controller.
    3. Choose Add a new forest and provide a root domain name (for example, csoar.com).
    4. Configure Domain Controller Options.
    5. Set a Directory Services Restore Mode (DSRM) password.
    6. Complete the installation and restart the server.
  5. Verify Active Directory setup.
    1. After rebooting, log back in and open Active Directory Users and Computers.
    2. Verify that the domain is properly configured.

Configure Active Directory V2 in Automation Service and Cloud SOAR

Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.

  1. Access App Central and install the integration.
  2. Select the installed integration in the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the integration.
  4. Hover over the resource name and click the Edit button that appears.
  5. In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
  • Host. The hostname or IP address of the AD server.
  • Login Port. The port used for LDAP authentication (the default is 389 for LDAP and 636 for LDAPS).
  • Login DN (Distinguished Name). The distinguished name of the account used to log in (for example, CN=Administrator,CN=Users,DC=csoar,DC=com). See the following sections for information about how to get the login DN.
  • Password. The corresponding password for the provided username.
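
A pre-flight check for these settings, run from PowerShell before saving the resource (an added example, not part of the Sumo Logic integration): it picks TLS or STARTTLS from the port, as the compatibility notice pairs them, and attempts a simple bind with the Login DN. The function name Test-LdapLogin and the host dc01.csoar.com are assumptions; the DN is the sample value used on this page.

```powershell
# Added example: not part of the integration. Checks port/transport pairing and the bind.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapLogin {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]       $Server,
        [Parameter(Mandatory)] [int]          $Port,
        [Parameter(Mandatory)] [string]       $LoginDN,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # Port-to-transport pairing from the compatibility notice.
    if     ($Port -in 636, 3269) { $mode = 'TLS' }
    elseif ($Port -in 389, 3268) { $mode = 'STARTTLS' }
    else   { throw "Port $Port is not one of 389, 3268, 636, 3269." }

    $result = [ordered]@{ Server = $Server; Port = $Port; Mode = $mode; BindOk = $false; Error = $null }
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        # Simple bind, so the user name is the full distinguished name.
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.Credential = [System.Net.NetworkCredential]::new($LoginDN, $Password)

        if ($mode -eq 'TLS') {
            $conn.SessionOptions.SecureSocketLayer = $true           # TLS from the first byte
        } else {
            $conn.SessionOptions.StartTransportLayerSecurity($null)  # upgrade before credentials are sent
        }
        $conn.Bind()
        $result.BindOk = $true
    }
    catch   { $result.Error = $_.Exception.Message }
    finally { $conn.Dispose() }
    [pscustomobject]$result
}

# dc01.csoar.com is a placeholder host; the DN is the sample value used on this page.
$pw = Read-Host -Prompt 'Password for the Login DN' -AsSecureString
Test-LdapLogin -Server 'dc01.csoar.com' -Port 636 `
    -LoginDN 'CN=Administrator,CN=Users,DC=csoar,DC=com' -Password $pw
```

A result with BindOk set to False carries the LDAP client's error text in Error, which separates a wrong DN or password from a transport problem on the chosen port.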

For information about Microsoft Entra Connect V2 (formerly Active Directory V2), see Microsoft Entra Connect V2 documentation.

How to get login DN with a local account

Method 1: Using PowerShell (Get-ADUser)

  1. Open PowerShell as an administrator.
  2. Run the following command:
    Get-ADUser -Identity Administrator | Select-Object DistinguishedName
  3. Example output:
    DistinguishedName
    -----------------
    CN=Administrator,CN=Users,DC=csoar,DC=com

The DistinguishedName field contains the full LDAP path.

Method 2: Using Active Directory Users and Computers (GUI)

  1. Open Active Directory Users and Computers (ADUC) (dsa.msc).
  2. Enable "Advanced Features" by selecting View > Advanced Features.
  3. Navigate to the user account (for example, Administrator).
  4. Right-click the user and select Properties.
  5. Go to the Attribute Editor tab.
  6. Find the distinguishedName attribute. The value will be like: CN=Administrator,CN=Users,DC=csoar,DC=com. This is your Login DN.

How to get login DN with a service account

Once the service account is created in the organizational unit (OU):

  1. Open PowerShell as an administrator.
  2. Run the following command:
    Get-ADUser -Identity <service-account-name>
  3. To view all the service accounts inside AD:
    Get-ADUser -Filter * | Select-Object Name, SamAccountName, DistinguishedName
  4. Example output:
    DN example output
  5. Below is the example path:
    Example path
  6. Enter the distinguishedName as the Login DN, and enter the correct password for the service account.
    Below is the full form of each term:
    Full form of terms

Change Log

  • March 25, 2021 - First upload
  • March 11, 2022 - Logo
  • June 21, 2023 (v2.1) - Updated the integration with Environmental Variables
  • December 19, 2023 (v2.2)
    • Updated action: User Attributes
      • Now, with the User Attributes Action, users can be filtered based on their distinguishedName (DN)

Copyright © 2025 by Sumo Logic, Inc.