diff --git a/docs/platform-services/automation-service/app-central/integrations/active-directory-v2.md b/docs/platform-services/automation-service/app-central/integrations/active-directory-v2.md index e758430a0e..98a3a3d762 100644 --- a/docs/platform-services/automation-service/app-central/integrations/active-directory-v2.md +++ b/docs/platform-services/automation-service/app-central/integrations/active-directory-v2.md @@ -41,6 +41,99 @@ Compatibility notice: * [LDAP3](https://github.com/cannatag/ldap3/blob/master/LICENSE.txt) +## Active Directory V2 configuration + +### Prerequisites + +* An [Automation Bridge](/docs/platform-services/automation-service/automation-service-bridge/) installation. +* A Microsoft Windows Server with Active Directory Domain Services (AD DS) configured. + +### Setting up Microsoft Windows Server (optional) + +If an existing Windows Server is not available, follow these steps to set up a new one in AWS: +1. Create a Microsoft Windows Server 2019 Instance on AWS. + 1. Launch a new AWS EC2 instance. + 1. Choose **Microsoft Windows Server 2019 Base** as the AMI. + 1. Configure instance settings (for example, instance type, storage, security groups). + 1. Assign a key pair for secure access. + 1. Deploy the instance and wait for it to be fully initialized. +1. Configure the Windows Server. + 1. Connect to the instance using Remote Desktop Protocol (RDP). + 1. Once logged in, open **Server Manager**. +1. Install Active Directory Domain Services (AD DS). + 1. In **Server Manager**, select **Add roles and features**.
Add roles and features + 1. Choose **Role-based or feature-based installation**. + 1. Select the **Active Directory Domain Services** (AD DS) role.
Add roles + 1. Proceed with the installation and wait for it to complete. +1. Promote the server to a domain controller. + 1. After installation, navigate to **Server Manager > AD DS**. + 1. Click on **Promote this server to a domain controller**.
Promote server + 1. Choose **Add a new forest** and provide a root domain name (for example, `csoar.com`).
Root domain name + 1. Configure **Domain Controller Options**.
Domain controller options + 1. Set a **Directory Services Restore Mode (DSRM) password**. + 1. Complete the installation and restart the server. +1. Verify Active Directory setup. + 1. After rebooting, log back in and open **Active Directory Users and Computers**. + 1. Verify that the domain is properly configured. + +## Active Directory V2 in Automation Service and Cloud SOAR + +### Required resources from an existing Active Directory installation + +To configure the Automation Service or Cloud SOAR to connect to an existing Active Directory installation, enter details about the Active Directory instance in the new resource configuration dialog: +1. Access integrations in the [Automation Service](/docs/platform-services/automation-service/automation-service-integrations/#view-integrations) or [Cloud SOAR](/docs/cloud-soar/automation). +1. After the list of the integrations appears, search for the **Active Directory V2** integration and click on the row. +1. The integration details will appear. Click on the **+** button to add a new resource. +1. Populate all the required fields (\*), including: + * **Host**. The hostname or IP address of the AD server. + * **Login Port**. The port used for LDAP authentication (the default is `389` for LDAP and `636` for LDAPS). + * **Login DN (Distinguished Name)**. Enter the distinguished name format (for example, `CN=Administrator,CN=Users,DC=csoar,DC=com`). See the following sections for information about how to get the login DN. + * **Password**. The corresponding password for the provided username. +1. Click **SAVE**. + +### How to get login DN with a local account + +#### Method 1: Using PowerShell (Get-ADUser) + +1. Open PowerShell as an administrator. +1. Run the following command: + ``` + Get-ADUser -Identity Administrator | Select-Object DistinguishedName + ``` +1. 
Example output: + ``` + DistinguishedName + ----------------- + CN=Administrator,CN=Users,DC=csoar,DC=com + ``` + +The `DistinguishedName` field contains the full LDAP path. + +#### Method 2: Using Active Directory Users and Computers (GUI) + +1. Open **Active Directory Users and Computers (ADUC) (dsa.msc)**. +1. Enable "Advanced Features" by selecting **View > Advanced Features**. +1. Navigate to the user account (for example, **Administrator**). +1. Right-click the user and select **Properties**. +1. Go to the **Attribute Editor** tab. +1. Find the `distinguishedName` attribute. The value will be like: `CN=Administrator,CN=Users,DC=csoar,DC=com`. This is your **Login DN**.
Login DN + +### How to get login DN with a service account + +Once the service account is created in the Organization Unit: +1. Open PowerShell as an administrator. +1. Run the following command: + ``` + Get-ADUser -Identity + ``` +1. To view all the service accounts inside AD: + ``` + Get-ADUser -Filter * | Select-Object Name, SamAccountName, DistinguishedName + ``` +1. Example output:
DN example output +1. Below is the example path:
Example path +1. Add the `distinguishedName` as the **Login DN** and correct the password of the service account.
Edit resource
Below is the full form of each term:
Full form of terms + ## Change Log * March 25, 2021 - First upload diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles-and-features.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles-and-features.png new file mode 100644 index 0000000000..387eb18d7f Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles-and-features.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles.png new file mode 100644 index 0000000000..2e67949d2f Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-add-roles.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-dn-output-example.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-dn-output-example.png new file mode 100644 index 0000000000..b08d0e12ef Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-dn-output-example.png differ 
diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-domain-controller-options.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-domain-controller-options.png new file mode 100644 index 0000000000..e793bac3c8 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-domain-controller-options.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-edit-resource.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-edit-resource.png new file mode 100644 index 0000000000..50229a441d Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-edit-resource.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-example-path.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-example-path.png new file mode 100644 index 0000000000..7da2058810 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-example-path.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-full-form.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-full-form.png new file mode 100644 index 0000000000..b8c765e9c7 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-full-form.png differ 
diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-login-dn.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-login-dn.png new file mode 100644 index 0000000000..aab29d4554 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-login-dn.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-promote-server.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-promote-server.png new file mode 100644 index 0000000000..58ec0fb342 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-promote-server.png differ diff --git a/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-root-domain-name.png b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-root-domain-name.png new file mode 100644 index 0000000000..0854e11a74 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/active-directory-v2/active-directory-v2-root-domain-name.png differ
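Review bot: In the "Required resources" list the **Login Port** bullet presents `389` and `636` as interchangeable defaults, but a simple LDAP bind on `389` sends the Login DN password in cleartext, so the text should recommend `636` (LDAPS) as the default and note that `389` exposes the bind credential on the wire; likewise every Login DN example uses `CN=Administrator,CN=Users,DC=csoar,DC=com`, a domain-admin account, while the page already has a "How to get login DN with a service account" section, so suggest pointing readers to a dedicated least-privileged service account first and keeping `Administrator` only as a lab illustration. In that service-account section the command `Get-ADUser -Identity` is missing its argument and will prompt or error as written; suggest `Get-ADUser -Identity <ServiceAccountName> | Select-Object DistinguishedName` with an obvious placeholder. Two smaller fixes in the same hunk: Method 1 has an empty numbered item (`1. `) before "Example output:", and the final step reads "correct the password of the service account" where "the corresponding password" is meant.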
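Review bot: The binary additions `active-directory-v2-edit-resource.png`, `active-directory-v2-full-form.png` and `active-directory-v2-dn-output-example.png` are screenshots of a resource configuration form and a `Get-ADUser -Filter *` listing, which is exactly the kind of image that tends to carry a real hostname, account name or populated password field; please confirm before merge that they show only the documented `csoar.com` example values, since the diff view cannot surface what the images contain.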