https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568372#M114709 <P>no issue at all</P> <P>there are a few prerequisites:</P> <P>&nbsp;</P> <P>make sure your mgmt interface has your internal domain name set in Device &gt; setup &gt; management</P> <P>use your internal DNS servers in the DNS config of the mgmt interface Device &gt; Setup &gt; Services</P> <P>also add NTP servers and make sure your system clock is accurate</P> <P>then create a kerberos profile in Device &gt; Server Profiles &gt; Kerberos</P> <P>&nbsp;</P> <P>now complete the agentless config in Device &gt; User Identification &gt; User Mapping &gt; User-ID Agent Setup</P> <P>&nbsp;</P> <P>then you can add all your ADs in Device &gt; User Identification &gt; User Mapping &gt; Server Monitoring</P> <P>You'll want to use WinRM as WMI is going to be patched to death on the AD</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>hope this helps</P> Tue, 05 Dec 2023 08:48:37 GMT reaper 2023-12-05T08:48:37Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568356#M114707 <P>Dear Team,</P> <P>&nbsp;</P> <P>I will be integrating User-id agentless method, can i integrate with multiple AD servers to achieve this or is there some challenges to integrate agentless with multiple ad servers?</P> <P>&nbsp;</P> <P>regards,</P> <P>Doyen Admin</P> Tue, 05 Dec 2023 08:12:24 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568356#M114707 Doyenadmin 2023-12-05T08:12:24Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568372#M114709 <P>no issue at all</P> <P>there are a few prerequisites:</P> <P>&nbsp;</P> <P>make sure your mgmt interface has your internal domain name set in Device &gt; setup &gt; management</P> <P>use your internal DNS servers in the DNS config of the mgmt interface Device &gt; Setup &gt; Services</P> <P>also add NTP servers and make sure your system clock is accurate</P> <P>then create a kerberos profile in Device &gt; Server Profiles &gt; Kerberos</P> <P>&nbsp;</P> <P>now complete the agentless config in Device &gt; User Identification &gt; User Mapping &gt; User-ID Agent Setup</P> <P>&nbsp;</P> <P>then you can add all your ADs in Device &gt; User Identification &gt; User Mapping &gt; Server Monitoring</P> <P>You'll want to use WinRM as WMI is going to be patched to death on the AD</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>hope this helps</P> Tue, 05 Dec 2023 08:48:37 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568372#M114709 reaper 2023-12-05T08:48:37Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568388#M114712 <P>Its a windows server, can i do it with WMI ? if not then what challenges i will be facing, please give input on this as well.</P> Tue, 05 Dec 2023 10:04:50 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568388#M114712 Doyenadmin 2023-12-05T10:04:50Z https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568414#M114722 <P>you can, but you will need to configure your windows server to accept WMI as microsoft launched a bunch of patches that made WMI nearly impossible to use</P> <P>&nbsp;</P> <P>WinRM over http runs out of the box and over https you need to add a certificate. So, far less challenging than WMI</P> Tue, 05 Dec 2023 13:05:22 GMT https://live.paloaltonetworks.com/t5/general-topics/agentless-user-id-integration/m-p/568414#M114722 reaper 2023-12-05T13:05:22Z