Forum Discussion
Demoted domain controller in coverage report
Quite a while ago, we lost a domain controller (server died), and we cleaned up the object/reference in Active Directory (deleted computer object, removed from sites and services). Azure ATP, though, still detects it when generating the "domain controller coverage" report (in the domain controllers OU).
1. How does Azure ATP discover the domain controllers? And how often does it update?
2. Any suggestions on where to look to find the remaining references to this old domain controller?
Thank you!
12 Replies
- Dennis_Peabody (Copper Contributor)
I am guessing this is still not fixed?
I have 3 long demoted domain controllers that still appear in the domain controller coverage list.
Proper demotion and metadata cleanup have been performed on all of them.
- Or Tsemah (Former Employee)
Yes, we are on it
- jarrydanderson (Copper Contributor)
Has this been implemented? We are trying to increase our secure score and having all DCs with sensors is a requirement. We had a couple that were not decommissioned properly and are showing in ATP still.
- ajbravo (Copper Contributor)
EliOfek I wasn't clear--the domain controller is not showing as an installed sensor, but as one which doesn't have the agent (in the "domain controller coverage report").
So, at the top of the sensors list, it says "You have installed Azure ATP Sensor on 9 out of 10 domain controllers," when it should say "9 out of 9."
- Or Tsemah (Former Employee)
Hi, we're aware of the issue (lingering objects in the DC Coverage report) and are working to fix it.