The following table provides a list of valuable resources on configuring and troubleshooting User-ID:
PAN AD Useragent - Excluding users?
Note: If you have a suggestion for an article, video or discussion not included in this list please post a recommendation in the comments below and it will be added to the master list.
Very helpful. Thank you!
For tuning of terminal server clients the following article is also beneficial. https://live.paloaltonetworks.com/t5/Configuration-Articles/Terminal-Server-Agent-Registry-Tuning-fo...
Two other articles that are useful for excluding users from being mapped are
Thanks for the links @benparker and @anjain, I have updated the list to reflect the new links.
Links need to be updated. For example "How to Configure Active Directory Server Profile for Group Mapping and Authentication" is from 2012 and contains pics that are no longer relevant. Please update.
Thanks for your notification! I've updated the screenshots in that article to reflect PAN-OS 7.1
I would very much like more information on the client probing, specfiically things like:
How to test/validate? (relevent logs?)
Functions or commands to pull user information from endpoint/system?
Permissions required (in ad)?
Concerns of security (2014 saw issues) and how to mitigate?
Why is the * only in the show user-mapping-ip-mp and not user-mapping-ip?
For those looking for more details on creating a User-ID Specific service account, I recommend the following documentation link. https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/create-a-dedicated-service-a.... It contains the recommendations as well as reasons and caveats for the different permissions based on what you are trying to accomplish.