Announcement

Collapse
No announcement yet.

Active Directory Application Integration Query?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Application Integration Query?

    Hi,
    Would anyone know of any tool / way of finding out what applications are dependent on Active Directory both MS and 3rd party?

    Thank, Paul

  • #2
    Re: Active Directory Application Integration Query?

    Turn off all your DCs and see what breaks. But you won't be able to log in as a domain admin anywhere, either.

    If you have no documentation as to what's installed and what the dependancies are, the only way I know is to collect software inventory info and then check on the needs of each piece of software. Things like Flash Player or Java won't need anything from AD, but any software which uses service accounts, or anything defined with specific ports in your firewall(s) and/or ACLs in router(s) might give you some hints.

    If you don't know the system from the ground up, I'm afraid it's a manual process. Inventory software can tell you what's installed, but not whether each module relies on anything from AD.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: Active Directory Application Integration Query?

      Thanks, unfortunately turning off dc's isn't an option as it's a 24/7 environment. I've even asked people in Microsoft if they know of anything and will post again if I find a way.
      Paul

      Comment


      • #4
        Re: Active Directory Application Integration Query?

        This is not going to be one of those One click tools.
        I think you'll need to approach it from a couple of other angles.

        *Enable Auditing on your AD if not already done and filter down to the specific account to see for trends.
        *Run a query for AD accounts with password set to not expire (Long shot but they more likely to be used for a LDAP query)
        *Run a software inventory on your network and single out applications that are more likeley to use AD integration (By process of elimination or inclusion)
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Active Directory Application Integration Query?

          Thanks, just got this back from MS

          No tool they know but what to look for:

          The key dependencies to track would be:
          - Schema aware applications
          - Applications that use Service Accounts
          - Applications that use Service Accounts for Kerberos (Service Principal Names)
          - Applications that have hardcoded references to DCs typically applications that make LDAP calls
          - Apps that use an SCP in the AD to publish information (service connection point) like RMS, Exchange

          Comment

          Working...
          X