Responder & Active Directory OUs

This page summarizes the capabilities and current limitations of Responder for Organization Units (OUs) within an Active Directory (AD) environment.

Key Points:

Current Capability:
- Once Active Directory integration is complete, the AIR will display the domain on the Assets page.
- Users can filter assets by clicking on their Organization Unit on the Assets page. Further filtering for "Managed Status in Managed" will show assets where the Responder is installed.
Limitation and Requests:
- As of now, AIR does not support querying or installing Responders directly at specific OU levels (e.g., SecurityTesting.Binalyze.local) beyond the root AD level (e.g., binalyze.local).
- A feature request has been submitted to allow integration directly at the OU level to enhance targeted management within the domain structure.
Installation Note:
- The AIR Responder will report on systems where it is installed. It does not automatically install on systems within an AD environment where it is not already installed.

Integrating AIR with Active Directory: Permissions Information

When integrating AIR with Active Directory, it is important to note that the account used for this integration does not require Domain Admin permissions. The integration primarily involves LDAP searches for reading directory information. Therefore, having Domain Users permission is sufficient for LDAP integration with AIR. This ensures that the necessary operations can be performed securely without granting excessive privileges.

Conclusion: Efforts to extend AIR's integration capabilities to specific OUs are ongoing, following feedback and feature requests. This enhancement aims to provide more granular control and efficiency in managing cybersecurity operations across different organizational units.

PreviousGolden Image NextAIR Responder Exception Rules

Last updated 9 months ago

Was this helpful?