[KB7766] Synchronize ESET PROTECT On-Prem with Active Directory

Issue

  • Synchronize the ESET PROTECT Virtual Appliance or ESET PROTECT On-Prem for Linux with Active Directory
  • Synchronize ESET PROTECT On-Prem with Active Directory after automatic synchronization fails
  • Configure communication between the ESET PROTECT Virtual Appliance and Active Directory
  • Fix connection issues indicated by the "No agent" icon displayed next to a computer name

Solution

Prerequisites

Before creating the Active Directory synchronization task, ensure that all Active Directory objects to be synced have the correct DNS and reverse DNS records on all servers. Incorrect or inconsistent records can result in improper object sorting or cause objects to be placed in the Lost and Found group.
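The following Python script is an added example, not part of the ESET article or product. For each computer name it checks that a forward record exists and that every returned address has a PTR record pointing back to the same name. The host names and addresses in the sample tables are constructed, and a live run only sees the system resolver of the machine it runs on.

```python
import socket
import sys

def forward_lookup(fqdn):
    """IPv4 addresses the system resolver returns for a name (empty set if none)."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """PTR name the system resolver returns for an address, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_host(fqdn, forward=forward_lookup, reverse=reverse_lookup):
    """Return a list of DNS problems for one computer (empty list = consistent)."""
    want = fqdn.rstrip(".").lower()
    addrs = forward(fqdn)
    if not addrs:
        return ["no forward (A) record"]
    problems = []
    for ip in sorted(addrs):
        ptr = reverse(ip)
        if ptr is None:
            problems.append(f"{ip}: no reverse (PTR) record")
        elif ptr.rstrip(".").lower() != want:
            problems.append(f"{ip}: PTR is {ptr}, expected {want}")
    return problems

def audit(hosts, forward=forward_lookup, reverse=reverse_lookup):
    """Map each inconsistent host to its problems; consistent hosts are omitted."""
    found = {h: check_host(h, forward, reverse) for h in hosts}
    return {h: p for h, p in found.items() if p}

# Constructed sample records (documentation ranges), used when no hosts are given.
SAMPLE_A = {"pc01.corp.example": {"192.0.2.10"}, "pc02.corp.example": {"192.0.2.11"},
            "pc03.corp.example": {"192.0.2.12"}}
SAMPLE_PTR = {"192.0.2.10": "pc01.corp.example", "192.0.2.11": "old-pc.corp.example"}

if __name__ == "__main__":
    if sys.argv[1:]:   # live check through the system resolver
        report = audit(sys.argv[1:])
    else:              # offline demo on the constructed records above
        report = audit(list(SAMPLE_A) + ["pc04.corp.example"],
                       lambda n: SAMPLE_A.get(n, set()), SAMPLE_PTR.get)
    for host, problems in report.items():
        print(host, "->", "; ".join(problems))
```

Pass the computer names as arguments for a live check, and repeat the run on each server whose DNS view matters, since the prerequisite applies to all servers.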


Create and run an Active Directory synchronization task in ESET PROTECT On-Prem

  1. Open the ESET PROTECT On-Prem Web Console.

  2. Open the Tasks view: click the expand icon at the bottom left of the page to expand the navigation panel. Click Tasks. Under Server Tasks, click Static Group Synchronization → Add → Server Task.

  3. Under Basic, type a name for the task, verify that Static Group Synchronization is selected in the Task drop-down menu, select the check box next to Run task immediately after finish, and click Continue.

  4. Under Settings, click Select below Static Group Name. Alternatively, click New Static Group to create a new static group.

  5. Select the target static group for the computers to be added and click OK.

  6. Below Common Settings, define the synchronization behavior.

  7. Scroll down to Server Connection Settings, type the connection information and select the check box next to Use LDAP instead of Active Directory. The LDAP Parameters settings will appear below.

    Default Active Directory settings

    If you have configured the default Active Directory connection settings in Advanced Settings → Active Directory, you can leave the connection-related fields below Server Connection Settings empty; the default connection settings will be used automatically.

    The default Active Directory connection settings are automatically used in all Active Directory synchronization tasks (user synchronization, static group synchronization, and domain security group synchronization).

  8. In the LDAP Parameters settings, below Presets, click Select → Active Directory.

    Populate computer details with Active Directory attributes

    When you select Use LDAP instead of Active Directory and the Active Directory preset, you can populate the computer details in ESET PROTECT On-Prem with attributes from your Active Directory.

    Only attributes of the type DirectoryString can be used. You can use a tool (for example, ADExplorer) to inspect the attributes on your Domain Controller. See the corresponding fields in the table below:

    Computer details fields    Synchronization task fields
    Name                       Computer Hostname Attribute
    Description                Computer Description Attribute

  9. Select the check box below Use Simple Authentication.

  10. Scroll down to Synchronization Settings, click Browse next to the Distinguished Name field. Your Active Directory tree will be displayed. In the Active Directory tree, select the groups that you want to synchronize with ESET PROTECT On-Prem and click OK. If you select the top group or leave the field empty, the entire Active Directory tree will be synchronized.

    Active Directory tree not loading

    If the Active Directory tree fails to load, deselect the check box next to Use Simple Authentication and try again.

  11. Click Finish. The task will be added to the list of tasks and will run immediately.

  12. After the Active Directory synchronization is complete, create a task to remotely install or reinstall the Agent on the added computers.