Directory Service Scanning with Prime Multiview
Along with the other methods of doing assessments against a range of assets, we added the ability to define a set of assessment targets based on a directory service query, such as Microsoft Active Directory.
To work properly, the machine you are running the assessments from must be able to resolve the enumerated machine names to their IP addresses and to authenticate to each target asset. This works best if the machine doing the assessments is a member of the target domain and uses a DNS server that is integrated with the domain.
To do a directory service assessment, you will need to connect to the directory server and provide authentication information for an account with permissions to enumerate from the server. You can also provide a filter to select a specific subset of computers in the domain. If you are not familiar with the syntax for creating a directory service query filter, click the "Build" button.
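The following is an added example, not part of Prime or its documentation: it composes a filter for a subset of domain computers and lists the enumerated names that the assessment machine cannot resolve. It assumes the filter field accepts standard LDAP filter syntax (RFC 4515) against Active Directory; the function names and sample host names are constructed for illustration.

```python
import socket

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory bitwise-AND matching rule and the ACCOUNTDISABLE bit
# of the userAccountControl attribute.
BIT_AND = "1.2.840.113556.1.4.803"
ACCOUNTDISABLE = 2


def escape_value(value):
    """Escape a literal so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def computer_filter(os_prefix=None, name_prefix=None, include_disabled=False):
    """Build an AND filter over computer objects (hypothetical helper)."""
    clauses = ["(objectCategory=computer)"]
    if os_prefix:
        clauses.append(f"(operatingSystem={escape_value(os_prefix)}*)")
    if name_prefix:
        clauses.append(f"(name={escape_value(name_prefix)}*)")
    if not include_disabled:
        # Skip disabled computer accounts; they are usually stale records.
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))")
    return "(&" + "".join(clauses) + ")"


def unresolvable(hostnames, resolve=socket.gethostbyname):
    """Return the enumerated names this machine cannot resolve to an IP."""
    failed = []
    for host in hostnames:
        try:
            resolve(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            failed.append(host)
    return failed


if __name__ == "__main__":
    print(computer_filter(os_prefix="Windows Server"))
    # Constructed sample names; replace with the names the query returns.
    print(unresolvable(["localhost", "srv01.corp.example.invalid"]))
```

Names reported by `unresolvable` point to a DNS configuration problem on the assessment machine rather than a problem on the target.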
In a Windows domain, if your assessment machine is a member of the domain and the account you are running Prime under is an administrator account, you should be able to authenticate automatically to each target in the domain with no further consideration. Otherwise, just as with Network assessments, use the Authentication tool from the Tools menu to manage authentication information. As a fallback, for each target asset Prime will attempt to use the account you used to authenticate to the domain controller.
As with all agentless assessments, each target needs to be configured to allow the necessary connections before the assessment can begin. Refer to Appendix C in the Prime User's Guide for these details for Windows systems. For non-Windows systems, Secure Shell (SSH) access is needed.