Forum Discussion
ATP sensors...download report shows far more domain controllers than expected
On the sensors config page, it shows "Azure ATP sensors on xxx of yyy domain controllers". What we are seeing, is that yyy is definitely more domain controllers shown than in our forest. How is ATP determining that list of DCs ? If I download the list....I am seeing domain controllers listed that were decomm'ed some time ago, hence it looks like ATP does not update/prune its discovery list.
Anyone else see this ?
5 Replies
- EliOfek
Microsoft
StuartH . It's a known issue in case the read only AD user account supplied to AATP does not have access to the AD Deleted objects folder.
We are working on discovering this info in another way that won't need special permissions.
This feature is now tested with select customers, and when it will be mature enough will be released to everyone, after which the mentioned report should look fine.
EliOfek Appreciated.
Having enabled the directory account read rights to our multiple \Deleted Objects containers (we have single forest, multiple domains)...we are still seeing the "retired" sensors in the list. Something else need to be done to kick this into life to prune things away?
How close are you to the new "feature", where this wouldn't be needed ?
