Forum Discussion
nlinley
May 14, 2024 Copper Contributor
Demoted domain controller problem with agents
I ran into an issue with 2 agents on certificate authorities failing to start with LDAP connection errors. The AD site they are in had all its domain controllers replaced with new servers a few weeks a...
nlinley
May 20, 2024 Copper Contributor
I don't remember ever having to provide a DC name when setting them up. I just downloaded the installer and provided it the access key. Either way, the agent should be able to handle infrastructure changes a little better and automatically. Would the agent start to fail if a DC went down for a few days as well?
EliOfek
Microsoft
May 20, 2024
That was always true for integrated sensors on domain controllers.
For ADFS sensors from the previous generation, after the sensor installation you had to go to the portal and define a target DC for resolution.
In the modern sensors, this step is now optional, as setup will use one from the locator and allow you to change it in the portal if you wish.
You can also add more than one to allow fallbacks.
See:
https://learn.microsoft.com/en-us/defender-for-identity/deploy/active-directory-federation-services#post-installation-steps-for-ad-fs--ad-cs-servers-optional