https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/388739#M90534 <P>Hi Guys,</P><P>&nbsp;</P><P>Does anyone know or have experience on configuring User-ID agent to perform user mappings for users who are currently logged in to a domain controller.</P><P>&nbsp;</P><P>The issue I am facing is that anyone logs into a domain controller is not being pickup by User-ID agent, so there is no user mapping for any of our domain controllers. All other servers on the same subnet as the DC are fine, no issues.</P><P>&nbsp;</P><P>Any ideas?</P><P>&nbsp;</P><P>Thanks</P><P><BR />Leo</P> Wed, 03 Mar 2021 02:07:36 GMT Leo_Huang 2021-03-03T02:07:36Z https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/388739#M90534 <P>Hi Guys,</P><P>&nbsp;</P><P>Does anyone know or have experience on configuring User-ID agent to perform user mappings for users who are currently logged in to a domain controller.</P><P>&nbsp;</P><P>The issue I am facing is that anyone logs into a domain controller is not being pickup by User-ID agent, so there is no user mapping for any of our domain controllers. All other servers on the same subnet as the DC are fine, no issues.</P><P>&nbsp;</P><P>Any ideas?</P><P>&nbsp;</P><P>Thanks</P><P><BR />Leo</P> Wed, 03 Mar 2021 02:07:36 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/388739#M90534 Leo_Huang 2021-03-03T02:07:36Z https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/388791#M90541 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/95819">@Leo_Huang</a>&nbsp;, From what I can remember... &nbsp;this is because DC local logins are not registered in the security logs. I can’t remember what we did so will have a dig.&nbsp;</P> Wed, 03 Mar 2021 06:55:12 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/388791#M90541 Mick_Ball 2021-03-03T06:55:12Z https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/392787#M90955 <P>The normal server Monitoring should do the trick. Do you see the<STRONG> user login events&nbsp; </STRONG>in the Domain server logs, if not then it is a Windows issue. If they are present you will need to check many things like if the Palo Alto has the right credentials if login attemps are seen on the DC from the Palo Alto, does the zone has User id mapping allowed, do the DC allow a non Windows device like palo alto to connect or an external UserId agent is needed, maybe do pcap captures and check the Palo Alto authd log and so on:</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC</A></P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClR1CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClR1CAK</A></P><P>&nbsp;</P> Mon, 22 Mar 2021 18:30:01 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-mapping-for-users-logged-in-to-a-domain-controller/m-p/392787#M90955 nikoolayy1 2021-03-22T18:30:01Z