Active Directory User Exceptions (for Active Directory Integrations)

Overview

The Active Directory User Exceptions addresses a use case with service accounts logging in to perform tasks while an interactive user is also using a workstation. 

Many organizations use service accounts in order to perform scheduled tasks or automatic updates. The service account will generate a login event as a user that has a policy assigned in your Active Directory Insights (the AD Users or Computers listed under the Identities section in Step 1 of the Policy Builder). In that situation, the Umbrella Insights AD Connector that monitors who is logged into which computer will notice the new logon event and record that the current user for that computer is the automated update or scheduled task user is running as logged in. The net result is that the policy for the automated user will be applied instead of the user who is actively logged in and using the computer.   

The Active Directory User Exception can be applied to service accounts within your organization so their logon events to your Domain Controllers are ignored by the AD Connector.

Setting up Active Directory User Exceptions

1. Navigate to Deployments > Service Account Exceptions (formerly Settings > AD User Exceptions) and click the  (Add icon).
2. Enter the AD Username or login (SAM Account Name or sAMAccountName) for the account in the format "Username" without the domain defined.  
   
   IMPORTANT: This is not necessarily the same as the one displayed in the AD Users Identities in the Dashboard. Please confirm the account username in the Active Directory Users and Computers snap-in, not the Umbrella Dashboard. 
   
   
3. Click Create.

When should this feature be used?

• This should be used for any service accounts that perform scheduled tasks, for example software backups.
• This should be used for any service accounts that need to log in to the network to perform updates, for example anti-virus clients. 

When should this feature not be used?

Do not use this feature with any user accounts you wish to have the login events recorded for, or in other words, accounts whose activity you wish to see in the reporting and that should have policy applied to it.

Adding IP addresses to the Exceptions list

If using version 1.2.1 or higher of the Umbrella AD Connector, IP addresses can also be added as a "Username" into the Exceptions list.  The Connector will ignore all the events generated by the configured IP to exclude it from the AD mappings.  An example use case would be the IP address of a Netscaler server.

Note:  IP address ranges are not supported.  Only individual IP addresses, such as 10.20.30.40, are supported.