Active Directory
Connecting vScope to Microsoft Active Directory allows you to collect Users, Groups, Group Policies, Organizational Units, and Devices, enriching your asset inventory. Using the LDAP protocol, vScope can also connect to other directory services.
Requirements
- User account with permissions to read all users, groups, and computer objects.
Entering Authentication Details
- Navigate to Discovery > Credential > + Credential.
- Input the credential details required for authentication. Ensure the account has permissions to read users, groups, and devices from the data source.
- For Service Type, select AD to connect to Active Directory.
- Set Connection Type and Bind Method Type to Plain, which works for most Active Directory configurations.
Advanced Settings: Custom Inventory
- Search Base DN (limit to sub-tree): This setting allows you to limit the inventory to specific parts of the Domain Tree. For instance, if you want to inventory assets only within a specific branch (such as a country or organizational unit), you can define the Base DN accordingly.
Example for limiting to the Users branch within the vscope.local domain:
Common Errors
Error code | Error | Description |
---|---|---|
525 | User not found | Returned when an invalid username is supplied. |
52e | Invalid credentials | Returned when a valid username is supplied but an invalid password/credential is supplied. If this error is received, it will prevent most other errors from being displayed. |
530 | Not permitted to logon at this time | Returned when a valid username and password/credential are supplied during times when login is restricted. |
531 | Not permitted to logon from this workstation | Returned when a valid username and password/credential are supplied, but the user is restricted from using the workstation where the login was attempted. |
532 | Password expired | Returned when a valid username is supplied, and the supplied password is valid but expired. |
533 | Account disabled | Returned when a valid username and password/credential are supplied but the account has been disabled. |
701 | Account expired | Returned when a valid username and password/credential are supplied but the account has expired. |
773 | User must reset password | Returned when a valid username and password/credential are supplied, but the user must change their password immediately (before logging in for the first time, or after the password was reset by an administrator). |
775 | Account locked out | Returned when a valid username is supplied, but the account is locked out. Note that this error will be returned regardless of whether or not the password is invalid. |
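
Active Directory reports these codes as the hexadecimal "data" field inside the text of a failed LDAP bind. The Python below is an added example, not vScope code: it extracts that field, maps it to the table above, and counts failures across log lines. The function names are hypothetical and the sample lines are constructed, with placeholder DSID and version values.

```python
import re
from collections import Counter

# Sub-codes and meanings copied from the Common Errors table on this page.
AD_BIND_ERRORS = {
    "525": "User not found",
    "52e": "Invalid credentials",
    "530": "Not permitted to logon at this time",
    "531": "Not permitted to logon from this workstation",
    "532": "Password expired",
    "533": "Account disabled",
    "701": "Account expired",
    "773": "User must reset password",
    "775": "Account locked out",
}

# The sub-code follows "data" in the AcceptSecurityContext failure comment.
_DATA_RE = re.compile(r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+)\b")


def parse_bind_error(message):
    """Return (sub_code, win32_decimal, meaning), or None if no sub-code is present."""
    match = _DATA_RE.search(message)
    if not match:
        return None
    code = match.group(1).lower()
    # The sub-code is a hex Windows system error code; decimal helps cross-referencing.
    return code, int(code, 16), AD_BIND_ERRORS.get(code, "Unknown sub-code (not in table)")


def summarize(lines):
    """Count sub-codes across log lines so repeated failures stand out."""
    parsed = (parse_bind_error(line) for line in lines)
    return Counter(result[0] for result in parsed if result)


# Constructed sample log lines (DSID-0C090000 and v0000 are placeholders).
SAMPLE = [
    "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52e, v0000",
    "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52E, v0000",
    "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 775, v0000",
    "Connection timed out while contacting directory server",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_bind_error(line))
    print(dict(summarize(SAMPLE)))
```

Repeated 52e results for the discovery account followed by 775 indicate the stored credential is stale and has locked the account, so correct the credential in vScope before unlocking it.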
Additional Resources
- Learn more about configuring domain trees in Active Directory from the Microsoft Documentation on Domain Trees.