Active Directory (LDAP)

Active Directory LDAP

Active Directory LDAP is a Directory Data Source integration. Data Source integrations are used during investigations to improve analysis and in interactive chat to help answer questions. They are optional, but enabling more tooling integrations enhances Dropzone analysis.

The Dropzone platform supports Active Directory (LDAP) to look up organizational information such as users, job titles, and devices.

Active Directory does require that you've enabled the Dropzone Connector.

Integration Overview

To enable these integrations you will perform the following actions:

Create a read-only service account
Grant the service account read access to users and computers
Determine your LDAP Base DN (Distinguished Name)
Install the credentials into your Dropzone tenant

Create a Read Only Service Account

Dropzone will use an AD service account for authenticating to your AD LDAP. To create a Read Only Service Account, do the following:

Open "Active Directory Users and Computers"

Right click on the container of your choice, such as "Users", and click New > User

Give it a first/last/full name
Give it a User Logon Name, such as svc-dropzone@

Record this User Logon Name for use later in the Dropzone UI where it is called "User"
Click Next
Provide a strong password and record it for use later in the Dropzone UI where it is called "Password"
Uncheck "User must change password at next login"

If you have a corporate-wide password rotation policy you should either disable it for this user, or you will want to change the password periodically in AD and update the Dropzone integration with the new password to stay within your organizational policy

Click "Next"
Click "Finish"

Apply Active Directory Permissions to the Service Account

Next, we will grant permissions to the service account. Most customers will apply this at the top of the forest so Dropzone has the most visibility into users/devices/etc, but you may pick a lower level if you wish to limit the scope.

Open "Active Directory Users and Computers"
Click "View" from the menu bar, and make sure "Advanced Features" is selected
Right click the top of your forest and select "Properties"
Select the "Security" tab and click "Add"
Type the name of the service account you created (e.g. svc-dropzone@) and click OK to search

Highlight the service account and click "Advanced"

In the "Permissions" tab, select the service account again and click "edit"

Set read for users
- Set the "Applies to" dropdown to "Descendant User Objects" so the service account can see all objects in the hierarchy
- In the Permissions section, make sure "Read All Properties" is checked
- In the Properties section, make sure "Read All Properties" is checked (this is further down the page)

Set read for devices
- Set the "Applies to" dropdown to "Descendant Computer Objects" so the service account can see all objects in the hierarchy
- In the Permissions section, make sure "Read All Properties" is checked
- In the Properties section, make sure "Read All Properties" is checked (this is further down the page)
Click the "OK" button to save

Note that device querying via LDAP is not yet supported in Dropzone AI

Determine The Service Account User Name

In Active Directory Users and Computers, find the service account just created
Right click on it and select Properties

Click "Attribute Editor" in the tabs at the top
Scroll down to the "distinguishedName" field

Double click it to pop it out
Record the full value of the distinguishedName field for use later in the Dropzone UI where it is called "Distinguished Name"

Determine your LDAP Base DN (Distinguished Name)

Your Base DN typically is based on your domain name, with DC= between each of the domain component. For example if your domain is example.com then the Base DN is likely DC=example,DC=com.

If you do not already know your Base DN, you can find it as follows:

In Active Directory Users and Computers, find the service account you created
Right click on it and select "Properties"

Click "Attribute Editor" in the tabs at the top
Scroll down to the "Distinguished Name" field

Double click it to pop it out
Record the part that starts with DC= for use later in the Dropzone UI where it is called the "Base DN"

Enable Active Directory LDAP

The Data source integration allows Dropzone AI to look up organizational information.

To enable the Data Source integration, you will need the following information:

Dropzone Field

Source

Server

The IP address or name of the AD server

Distinguished Name

The User info you copied from the service account's DistinguishedName found in Active Directory

Password

The service account password you set above

Base DN

The LDAP DN of your Active Directory

To enable the Data Source integration, do the following:

Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, click Settings > Integrations

Click "Available"

In the Search bar, search Active Directory, then click "Configure"

Input the service account user's Distinguished name and Password
Input the Base DN fields for searches
For the server name field, use ldap:// followed by your server name or IP
Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.

PreviousAbuseIPDB NextArchive Inspector

Last updated 6 months ago

Was this helpful?

hashtagActive Directory LDAP

hashtagIntegration Overview

hashtagCreate a Read Only Service Account

hashtagApply Active Directory Permissions to the Service Account

hashtagDetermine The Service Account User Name

hashtagDetermine your LDAP Base DN (Distinguished Name)

hashtagEnable Active Directory LDAP