How to create a Domain segment

This guide shows you how to create a Domain segment so that AlloyScan can discover devices that are members of an Active Directory domain.

Prerequisites

• Site Administrator role.
• An Audit Service deployed inside the same Active Directory domain as the targets, or one you are ready to install during the wizard.
• A Windows credential with permission to enumerate computers in the target domain.
• Network connectivity from the Audit Service host to the target domain controllers and member computers. See Required Ports Reference.

Steps

1. Navigate to Network > Segments.
2. Click + New segment.
3. On the Segment type page, select Domain and click Next.
4. In Step 1 - Select or install audit service, pick an Audit Service that is reachable to the target domain.
5. In Step 2, enter the Active Directory domain that AlloyScan should enumerate.
6. In Step 3 - Audit credentials, select a Windows credential that can read computer objects in the domain.
7. In Step 4 - Scan schedule, choose Daily, Weekly, or Monthly, or Continue without a schedule.
8. In Step 5, review the configuration and create the segment. > If you want every newly discovered domain device to be audited automatically, enable the Automatically audit discovered devices option on the segment.

Verify

After saving, the new segment appears in Network > Segments with the Domain type icon. Open the segment and click Scan to confirm domain enumeration is working — discovered domain members appear in the Scan Results grid with their NetBIOS, DNS, and IP attributes populated.

Note: Windows targets must be in the same Active Directory domain as the Audit Service host for agentless audit. Cross-domain or workgroup targets must be audited through an Audit Agent.

Related

• Segment Types Reference
• How to manage credentials
• How to install Audit Agents
• About Discovery and Audit