Directory Services Agent (AD)

This agent supports the Active Directory synchronization between Verify Privilege Manager Cloud instances and local directory services. This agent only needs to be installed on one system to perform the synchronization task. The local agent can be deployed into an AD environment instead of requiring direct connectivity from the server to the domain controllers. You will be able to configure the product in either method (direct or agent-based).

The agent method requires that the Directory Services Agent is installed on one computer connected to a domain controller. Once installed, the agent receives the Active Directory Sync (Agent) scheduled task along with other parameters such as the credential used, which AD objects, etc. to perform a synchronization between a Cloud instance and local AD.

If the Directory Services Agent is installed on a system with an Application Control or a Local Security Agent, a license will be consumed. If a system has the IBM Security Agent (Core Agent) and Directory Services Agent installed ONLY, no license is consumed.

The Directory Services Agent for local AD synchronization with Verify Privilege Manager Cloud instances is available for x64-bit systems only.

If the Directory Services Agent produces error messages about failed application control policy processing in the agent log, those messages can be ignored.

When upgrading Verify Privilege Manager to a newer version, it is recommended to also upgrade the Directory Services Agent so they are both on the same version.

We recommend the following topics for details pertaining to the Directory Services Agent functionality:

Prerequisites

The Core IBM Security Agent needs to be installed on the system that receives the Directory Services Agent installation. The other agents aren't required, but can be installed on the same system without issues.

Directory Services Agent Installation

Download the latest version of the Directory Services Agent via the Software Downloads page.

  1. Double-click the .msi file to start the installation wizard:

    wizard 1

    Close all other applications running on the system and click Next.

  2. On the EULA Agreement screen, select I accept the license agreement.

    eula 1

    Click Next.

  3. On the Destination Folder screen, keep the default installation destination or use Browse to select a different folder.

    destination

    Click Next.

  4. On the Ready to install screen, you have an option to go back to change your previous selection, otherwise click Next to proceed with the installation.

    ready

    If you have any other IBM Security Agents already installed on the system, the installer my prompt you to stop the services before you can proceed.

  5. After a successful installation of the Directory Services Agent, you will see the following screen:

    wizard 1

    Click Close.

  6. Restart any previously stopped agent services.