Forum Discussion
nlinley
May 14, 2024
Copper Contributor
Demoted domain controller problem with agents
I ran into an issue with 2 agents on certificate authorities failing to start with LDAP connection errors. The AD site they are had all its domain controllers replaced with new servers a few weeks a...
EliOfek
Microsoft
May 15, 2024, replying to nlinley
When you initially installed the sensor on those machine you selected in the portal DCs that you want to use for resolution.
https://learn.microsoft.com/en-us/defender-for-identity/deploy/active-directory-federation-services#post-installation-steps-for-ad-fs--ad-cs-servers-optional
All you needed was to remove them from the portal registration, no uninstall was required.
The reason the reinstall worked is that when uninstalling the sensor, it was unregistered, and when reinstalling, newer code was invoked that selects a DC using the DC Locator service instead of forcing you to manually choose.
- nlinley
May 20, 2024
Copper Contributor
I don't remember ever having to provide a DC name when setting them up. I just downloaded the installer and provided it the access key. Either way, the agent should be able to handle infrastructure changes a little better and automatically. Would the agent start to fail if a DC went down for a few days as well?
- EliOfek
May 20, 2024
Microsoft
That was always true for integrated sensors on domain controllers.
For ADFS sensors from the previous generation, after the sensor installation you had to go to the portal and define a target DC for resolution.
In the modern sensors, this step is now optional, as setup will use one from the locator and allow you to change it in the portal if you wish.
You can also add more than one to allow fallbacks.
See:
https://learn.microsoft.com/en-us/defender-for-identity/deploy/active-directory-federation-services#post-installation-steps-for-ad-fs--ad-cs-servers-optional
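An added example, not from either poster or from the Defender for Identity product: a PowerShell check run on the AD CS/AD FS server that compares the resolution DCs configured for a sensor in the portal (the `$ConfiguredResolverDCs` list is a placeholder you fill in) against what the DC Locator currently returns, and tests LDAP reachability, so a stale entry left over from a DC replacement, or a DC that is simply down, shows up before the sensor fails to start.

```powershell
# Placeholder: replace with the resolution DCs shown for this sensor in the Defender portal
# (assumed to be FQDNs, which is what the DC Locator returns below).
$ConfiguredResolverDCs = @('olddc01.corp.example.com', 'olddc02.corp.example.com')

# Ask the DC Locator what it knows today: all discoverable DCs in this computer's domain,
# and the single DC it would hand out right now (what the modern sensor uses by default).
$domain    = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$currentDCs = $domain.FindAllDiscoverableDomainControllers() | ForEach-Object { $_.Name.ToLower() }
$locatorDC  = $domain.FindDomainController().Name

$report = foreach ($dc in $ConfiguredResolverDCs) {
    # Still advertised as a DC? A demoted/replaced server drops out of this list.
    $stillDC = $currentDCs -contains $dc.ToLower()

    # Can the sensor host actually open LDAP (389/tcp) to it? A DC that is merely
    # offline for a few days is still listed above but fails here.
    $ldapOk = (Test-NetConnection -ComputerName $dc -Port 389 `
                 -WarningAction SilentlyContinue -ErrorAction SilentlyContinue).TcpTestSucceeded

    [pscustomobject]@{
        ConfiguredDC  = $dc
        StillDC       = $stillDC
        LdapReachable = [bool]$ldapOk
        Action        = if ($stillDC -and $ldapOk) { 'OK' }
                        elseif (-not $stillDC)    { 'Remove from portal (no longer a DC)' }
                        else                      { 'DC down: add a second DC as fallback' }
    }
}

$report | Format-Table -AutoSize
"DC Locator would currently select: $locatorDC"

# If nothing configured is usable, the sensor has no working resolver and will fail at start.
if (-not ($report | Where-Object { $_.StillDC -and $_.LdapReachable })) {
    Write-Warning 'No configured resolver DC is usable; clear the list in the portal so the DC Locator choice applies.'
}
```

Run it on the sensor host itself so the reachability test reflects that machine's network path, not an admin workstation's.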