05/30/2024 04:50 AM
Hi
As per ADSI connector documentation we need to confirm "that the ADSI agent can communicate with the server hosting Active Directory on an LDAP port. The default ports are 389 and 636."
But how do we do this? Should we just use a telnet / curl command to check this connectivity, or is there more to it that is not mentioned in the Saviynt documentation?
Please help.
Regards
Gaurav
05/30/2024 05:23 AM
Hi @GauravJain,
Are you using SC2.0 to connect to the customer environment? If yes, you can run the command below to validate that the flow is open with ADSI and the agent is running:
nmap -p <PORTS, usually 8090,443> <IP OR DNS> -Pn
Sample command:
nmap -p 8090,443 saviyntadsiconnector.customerdc.net -Pn
This should return an "open" state if it has been correctly installed following the documentation.
Also, to make a secure connection with ADSI, make sure to grab the ADSI machine certificate (signed by Group CA certificate) and import it into Saviynt, and add it to the connector.
Hope this helps!
05/30/2024 06:27 AM
Hi - thanks for quick revert.
Yes, we are using SC client (hosted in our environment) to connect to all target systems (AD in this case).
The "nmap" command doesn't exist on our SC client host, so is there any other way to test it?
Secondly, you mentioned "make sure to grab the ADSI machine certificate (signed by Group CA certificate) and import it into Saviynt, and add it to the connector". So, do I need to use the ADSI agent host name / IP address as CN to generate a certificate and later have it signed by the Group CA? Is my understanding correct?
Regards
Gaurav
05/30/2024 06:31 AM
One more thing, in this command
nmap -p <PORTS, usually 8090,443> <IP OR DNS> -Pn
Which IP address / DNS should one use here? Is it the ADSI agent host DNS or something else?
06/05/2024 12:16 AM
You should use this command from your SC2 client and target the IP / DNS of the ADSI agent host.
05/30/2024 05:30 AM
Using telnet
Using curl
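A connectivity check for hosts without nmap, as an added example that is not part of the original replies. It assumes Python 3 is available on the host; the function names and the choice of 443 and 636 as TLS ports are assumptions of this example. It classifies each port as open, closed or filtered and, on the TLS ports, attempts a handshake with chain and hostname verification.

```python
import socket
import ssl
import sys

TLS_PORTS = (443, 636)  # assumption: ports expected to present a certificate

def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port roughly the way a connect scan would."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"      # DNS problem, not a firewall problem
    except ConnectionRefusedError:
        return "closed"          # host reachable, nothing listening
    except OSError:
        return "filtered"        # timeout or unreachable: likely a blocked flow

def probe_tls(host, port, cafile=None, timeout=3.0):
    """TLS handshake with chain and hostname verification; returns (ok, detail)."""
    # cafile: PEM file of a private CA; None means the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = [v for _, v in tls.getpeercert().get("subjectAltName", ())]
                return True, "verified, SAN=%s" % sans
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: %s" % exc.verify_message
    except OSError as exc:       # includes ssl.SSLError, refusals and timeouts
        return False, "no TLS session: %s" % exc

def report(host, ports, tls_ports=(), cafile=None):
    """Return {port: state}, adding the TLS result for open ports in tls_ports."""
    result = {}
    for port in ports:
        state = probe_tcp(host, port)
        if state == "open" and port in tls_ports:
            ok, detail = probe_tls(host, port, cafile)
            state = "open, TLS %s (%s)" % ("ok" if ok else "FAILED", detail)
        result[port] = state
    return result

if __name__ == "__main__":
    # Usage: python3 portcheck.py <host> <port> [<port> ...]
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, state in report(host, ports, TLS_PORTS).items():
        print(port, state)
```

A "certificate rejected" result with a hostname mismatch message means the name used to connect is not among the names in the certificate presented on that port.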
05/30/2024 11:00 PM
Thanks @rushikeshvartak @adriencosson.
Can you guys please revert on my other questions as well?
1) @adriencosson mentioned "make sure to grab the ADSI machine certificate (signed by Group CA certificate) and import it into Saviynt, and add it to the connector". So, do I need to use the ADSI agent host name / IP address as CN to generate a certificate and later have it signed by the Group CA? Is my understanding correct?
2) Install the SSL certificate for this website - ADSIConnector
While creating a certificate request, do I need to mention my AD host name / IP address in CN (common name), because ADSI will internally connect to the AD host for all the operations? Can you please confirm this as well?
3) Even after installing the latest ADSI agent from artifacts, which is "2024.2.1.0", our ADSI logs are still printing the 2023 version. What could be the issue? We have already restarted the IIS service but no luck.
Regards
Gaurav
06/03/2024 05:08 AM
Hi @rushikeshvartak @adriencosson
I have tried the telnet command for connectivity between ADSI and the AD server and it's working fine.
Can you please revert on my other pending questions to close this post?
Regards
Gaurav
06/03/2024 11:47 AM
To generate a certificate for the ADSI agent host, you typically follow these steps:
Generate Certificate Request (CSR):
Sign the Certificate:
Import and Configure in Saviynt:
When creating a certificate request for the ADSI connector:
If the ADSI logs are still printing the 2023 version after installing the latest ADSI agent version (2024.2.1.0) and restarting the IIS service, there are a few things you can check:
06/04/2024 11:29 PM
Thanks @rushikeshvartak for your revert.
On point #3 - we have restarted both the IIS service and the ADSI agent. Also verified the logs but no luck.
I think we will have to either reinstall the ADSI agent or upgrade it.
Regards
Gaurav