10-03-2018 03:59 AM
Hello, I'm trying to discover AD services or an AD Domain Controller, but it is failing.
How is the pattern triggered? I don't see any Classifier related to that at first glance.
I also listed the discovery_classifier_probe table and found no horizontal pattern to trigger the pattern "Active Directory Domain Controller On Windows".
Is there a special mechanism for that?
Best Regards
Cedric
09-18-2019 05:30 PM
This actually has to be set up manually by following the steps below:
- Navigate to Discovery > CI Classification > Process
- Click on "New" and create a process classifier with the following parameters:
  - Table: Active Directory Domain Controller
  - Relation Type: Runs on::Runs
  - Condition: Name contains lsass.exe
- Click on Save and add the "Active Directory Domain Controller Pattern" as follows:
  - Under "Triggers probes", click on "Edit..."
  - Choose "Horizontal Pattern":
  - Click on "HorizontalDiscoveryProbe-Horizontal Patt" and choose "Active Directory Domain Controller Pattern on Windows"
- Perform a rediscovery and Active Directory domains should get created in the "cmdb_ci_ad_controller" table.
reference: https://hi.service-now.com/kb_view.do?sysparm_article=KB0714349

10-03-2018 05:06 AM
The pattern is used for Service Mapping.
There are two different pattern types: infrastructure and application (shared library as well, but that's not relevant here). Infrastructure is Windows servers, load balancers (Netscaler, F5, etc.), switches, routers, etc. Application is... applications running on infrastructure components.
Application patterns are launched when running discovery, if there is a horizontal discovery probe for it, which there isn't for AD.
10-10-2018 01:05 AM
Hi Michael,
I deployed the Service Mapping plugin in a dev instance and started a map around an AD controller.
Now I understand why the related patterns have a trigger based on an entry point on a TCP or LDAP connection.
The documentation is not clear on what could be discovered ONLY by Discovery.
If you read that doc first: https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/concept/c_Software.html then AD should be discovered by Discovery's patterns...
Now I'm referring rather to: https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/reference/r_WhatDiscoveryCanDiscover.html when my manager asks me "which classes can we discover?"
Thank you
Best Regards
Cedric
12-11-2019 09:37 AM
I'd propose a slight adjustment from the conditions listed in the KB article. lsass.exe runs on most Windows computers (servers or desktops). This means the pattern will waste time/resources executing on a lot of extra machines, and throw a ton of "Match step predicate is not matched" errors.
To avoid these unnecessary errors, I'd suggest adding a condition where Listening On contains :389:
Domain Controllers will be listening on different ports than an lsass.exe process on a regular Windows machine. One port specifically used for DC is 389. See this Microsoft support article for more information:
https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-w...
Different environments may be configured uniquely. If these conditions do not identify Domain Controllers, more information can be found on the cmdb_running_process table, or by speaking to your organization's AD Admin.
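
Before adding the port condition to the classifier, the split it would produce can be checked against data already in cmdb_running_process. The background script below is an added example, not part of any post above and not ServiceNow's own code; the function name summarizeLsassListeners is made up for this example, and the column names name, computer and listening_on are assumptions.

```javascript
// Added example. Meant for Scripts - Background on an instance, where
// GlideRecord and gs are provided by the platform.
// Assumption: the Name, Computer and "Listening On" fields are stored in
// columns called name, computer and listening_on.
function summarizeLsassListeners(GR, limit) {
  var summary = { total: 0, on389: [], other: [] };
  var gr = new GR('cmdb_running_process');
  gr.addQuery('name', 'CONTAINS', 'lsass.exe'); // the KB classifier condition
  gr.setLimit(limit);                            // keep the check cheap
  gr.query();
  while (gr.next()) {
    var host = gr.getElement('computer').getDisplayValue();
    var listening = gr.getValue('listening_on') || ''; // empty when nothing was recorded
    summary.total++;
    // Same substring test as the suggested "Listening On contains :389".
    if (listening.indexOf(':389') !== -1) {
      summary.on389.push(host);   // would still trigger the pattern
    } else {
      summary.other.push(host);   // would no longer trigger the pattern
    }
  }
  return summary;
}

// On an instance this logs the split; elsewhere only the function is defined.
if (typeof GlideRecord !== 'undefined') {
  var result = summarizeLsassListeners(GlideRecord, 1000);
  gs.info('lsass.exe rows checked: ' + result.total);
  gs.info('match with :389 condition: ' + result.on389.join(', '));
  gs.info('skipped with :389 condition: ' + result.other.length + ' hosts');
}
```

If a known Domain Controller shows up in the skipped count, its listening_on value is the place to look before changing the classifier.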