Active Directory

Last Updated: April 18, 2025

Oleria’s identity security provides critical visibility into AD resources, enabling organizations to quickly identify, assess, and mitigate identity and access-related risks. As a result, it offers better support for large enterprises that rely on Active Directory (AD) for various aspects of identity and access management. Oleria's identity security solution significantly improves Active Directory management by providing complete visibility and control over your organization's identity and access landscape. 

This document provides step-by-step guidance for integrating Active Directory with your Oleria workspace.

Pre-requisites

  • Administrator permission on the Oleria workspace
  • An Active Directory Domain Joined (ADDJ) machine on which to install the Oleria AD Agent
  • Administrator permissions on the ADDJ machine

Steps to Integrate Active Directory with Oleria Workspace

Step 1: Create a Service Account in the Active Directory

Step 2: Configure event forwarding

Step 3: Integrate Active Directory with the Oleria workspace

Step 4: Install Oleria AD Agent

Step 5: Verify the Active Directory status from the connected applications

Step 1: Create a Service Account in the Active Directory

Create an Active Directory Service Account and grant read-only permissions. 

1.1. Log in to Active Directory and create a new user, for example, Oleria Read Admin. 

1.2. Open your AD Domain → select Delegate Control.

Select the user you created in step 1.1.

Grant the following read permissions:

  • Read all user information
  • Read all inetOrgPerson information

The account will be automatically added to the Domain Users group. Open the Domain Users group to verify that the Service Account is listed.

Add the user to the Read-only Domain Controller group. 

Step 2: Configure Event Forwarding

Follow the Microsoft documentation to configure Windows event forwarding.

Step 3: Integrate Active Directory with your Oleria Workspace

Log in to your Oleria workspace and select Workspace → Integrations → Active Directory.

Provide a name for your agent and click continue.

You will see a PowerShell Script with a copy option. You need to execute this script on a member (domain-joined) server where you want to install the Oleria AD Agent.

Step 4: Install Oleria AD Agent

Log in to the ADDJ machine, open PowerShell with administrator privileges, and run the script copied from the Oleria workspace in Step 3.

You will see the Oleria AD Agent installation process 

Accept the license terms and select Next

On the next page, provide the following.

  • Username: Provide the Service Account name created in step 1
  • Password: Provide the Service Account password 
  • DomainName: Provide your domain name in distinguished-name form. For example, if your domain name is example.local, provide dc=example,dc=local
  • DomainUrl: Provide your domain controller IP address

Select Next, and follow the prompts to complete the installation.

Once the installation is completed, you will see an OleriaADConnectAgent service in the services.
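
One way to check the Step 1 account, the DomainName value and the installed service from the ADDJ machine, as an added PowerShell example that is not part of Oleria's documentation or install script. It assumes the RSAT ActiveDirectory module is installed, a hypothetical logon name oleria.read for the Service Account, and the example domain example.local used above.

```powershell
#Requires -Modules ActiveDirectory
param(
    [string]$SamAccountName = 'oleria.read',   # hypothetical logon name for the Step 1 account
    [string]$DnsDomain      = 'example.local'  # example domain from the DomainName field above
)

# Build the DN form the DomainName field expects (example.local -> dc=example,dc=local).
function ConvertTo-DomainDn([string]$Dns) {
    ($Dns.Trim('.').Split('.') | ForEach-Object { "dc=$_" }) -join ','
}

$domainDn = ConvertTo-DomainDn $DnsDomain
$adDn     = (Get-ADDomain -Identity $DnsDomain).DistinguishedName
if ($domainDn -ne $adDn) {   # -ne ignores case, so dc= and DC= compare equal
    Write-Warning "Derived DN '$domainDn' does not match the directory's '$adDn'."
}

# Least-privilege check: the account should hold only the memberships Step 1 describes.
# 'Read-only Domain Controllers' is the built-in group's name in AD.
# Get-ADPrincipalGroupMembership lists direct memberships, not nested ones.
$allowed = 'Domain Users', 'Read-only Domain Controllers'
$account = Get-ADUser -Identity $SamAccountName
$groups  = @(Get-ADPrincipalGroupMembership -Identity $account |
             Select-Object -ExpandProperty Name)
$extra   = @($groups | Where-Object { $_ -notin $allowed })
if (-not $account.Enabled) { Write-Warning "$SamAccountName is disabled." }
if ($extra.Count -gt 0)    { Write-Warning "Unexpected group memberships: $($extra -join ', ')" }

# Post-install check; the name on this page may be the service name or the display name.
$svc = Get-Service | Where-Object {
    $_.Name -eq 'OleriaADConnectAgent' -or $_.DisplayName -eq 'OleriaADConnectAgent'
} | Select-Object -First 1
if (-not $svc) { Write-Warning 'OleriaADConnectAgent service not found on this machine.' }

# Summary object for the change record or ticket.
[pscustomobject]@{
    DomainNameField  = $domainDn
    AccountEnabled   = $account.Enabled
    GroupMemberships = $groups -join ', '
    UnexpectedGroups = $extra -join ', '
    AgentService     = if ($svc) { "$($svc.Name): $($svc.Status)" } else { 'not installed' }
}
```

Any entry under UnexpectedGroups means the account holds more than the read-only access Step 1 sets up and should be reviewed before the credentials are entered into the installer.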

Step 5: Verify the Active Directory status from the connected applications

Log in to your workspace → connected integrations → Active Directory → select View Details to open the side pane and view the agent health status.

Contact Us

For questions about this integration, please contact us at support@oleria.com.
