Installing User-ID Agent on Domain Controller

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Installing User-ID Agent on Domain Controller

L2 Linker

Has anyone ran into any issues when deciding to install the user-id agent on a domain controller in an organization with about 6000 users.

2 accepted solutions

Accepted Solutions

L7 Applicator

Victor, Hi.

we have approx double that ammount and felt best advised to keep the agent away from the DC.

others of course prefer to install on the DC's to reduce traffic.

 

even if our user count was 1k or so we would probably still keep the agents seperate as doing any work on a DC involves a mind blowing ammount of change forms and time.

 

by keeping the agents seperate we can modify as and when we like.

 

however... i can see no reason why your DC's would not cope, but if they are currently running at 75%  then perhaps not...

 

you do of course have the option of using local agents on the Palo.

 

so... yes we had issues but probably not the ones you were thinking of...

 

View solution in original post

L2 Linker

I would put it on a stand alone server. Let your DC be a DC no need to introduce an additional point of failure on it. 

View solution in original post

5 REPLIES 5

L7 Applicator

Victor, Hi.

we have approx double that ammount and felt best advised to keep the agent away from the DC.

others of course prefer to install on the DC's to reduce traffic.

 

even if our user count was 1k or so we would probably still keep the agents seperate as doing any work on a DC involves a mind blowing ammount of change forms and time.

 

by keeping the agents seperate we can modify as and when we like.

 

however... i can see no reason why your DC's would not cope, but if they are currently running at 75%  then perhaps not...

 

you do of course have the option of using local agents on the Palo.

 

so... yes we had issues but probably not the ones you were thinking of...

 

Hello,

There are also policy and compliance requirements to take into consideration. For us we were not allowed to do this so we have a utility server just for this purpose. 

 

Just some thoughts.

L2 Linker

I would put it on a stand alone server. Let your DC be a DC no need to introduce an additional point of failure on it. 

Thanks for responding

Thanks for the comment

  • 2 accepted solutions
  • 4628 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!