Jun 24 2019 12:02 PM
Quite a while ago, we lost a domain controller (server died), and we cleaned up the object/reference in Active Directory (deleted computer object, removed from sites and services). Azure ATP, though, still detects it when generating the "domain controller coverage" report (in the domain controllers OU).
1. How does Azure ATP discover the domain controllers? And how often does it update?
2. Any suggestions on where to look to find the remaining references to this old domain controller?
Thank you!
Jun 24 2019 02:25 PM
@ajbravo if you did not uninstall the sensor prior to server loss, go into the config tab in the console UI, to the sensors list, and delete it from the list.
Jun 25 2019 08:19 AM
@EliOfek I wasn't clear--the domain controller is not showing as an installed sensor, but as one which doesn't have the agent (in the "domain controller coverage report").
So, at the top of the sensors list, it says "You have installed Azure ATP Sensor on 9 out of 10 domain controllers," when it should say "9 out of 9."
Jun 27 2019 10:34 PM
Jul 16 2019 08:01 AM - edited Jul 16 2019 08:02 AM
@Or Tsemah Any update on this? I just opened a case for this issue.
Jul 16 2019 08:07 AM
@Jake Platt, I hope to share some good news soon. Rest assured that we are on it.
Jul 30 2019 04:40 PM
@Or Tsemah hi, I am also facing the same issue. We have recently decommissioned 2 DCs and we did not install the ATP sensor on these DCs, but it is still showing in the report "You have installed Azure sensor on 9 out of 11 DC".
How can I delete these from the report?
Jul 31 2019 01:14 AM
@roadrasher06 We are actively working on excluding these from the list of "Must-have" domain controllers.
Question: If excluded, would you still like to view these decommissioned DCs in the Excel report as "unreachable" DCs (which will eventually be deleted), or are they of no interest to you at all?
Jul 31 2019 07:15 AM
Dec 05 2019 11:28 AM
I am guessing this is still not fixed?
I have 3 long-demoted domain controllers that still appear in the domain controller coverage list.
Proper demotion and metadata cleanup have been performed on all of them.
Dec 05 2019 01:15 PM
Yes, we are on it
May 12 2020 09:57 PM
Has this been implemented? We are trying to increase our secure score and having all DCs with sensors is a requirement. We had a couple that were not decommissioned properly and are showing in ATP still.
May 13 2020 01:10 AM
@jarrydanderson Yes, we are now using DCs reported by AD itself. If you believe it is showing false results, you can ping us at AatpFeedback@microsoft.com