Installing User-ID Agent on Domain Controller

Reply
Highlighted
L1 Bithead

Installing User-ID Agent on Domain Controller

Has anyone ran into any issues when deciding to install the user-id agent on a domain controller in an organization with about 6000 users.


Accepted Solutions
Highlighted
L7 Applicator

Victor, Hi.

we have approx double that ammount and felt best advised to keep the agent away from the DC.

others of course prefer to install on the DC's to reduce traffic.

 

even if our user count was 1k or so we would probably still keep the agents seperate as doing any work on a DC involves a mind blowing ammount of change forms and time.

 

by keeping the agents seperate we can modify as and when we like.

 

however... i can see no reason why your DC's would not cope, but if they are currently running at 75%  then perhaps not...

 

you do of course have the option of using local agents on the Palo.

 

so... yes we had issues but probably not the ones you were thinking of...

 

View solution in original post

Highlighted
L2 Linker

I would put it on a stand alone server. Let your DC be a DC no need to introduce an additional point of failure on it. 

View solution in original post


All Replies
Highlighted
L7 Applicator

Victor, Hi.

we have approx double that ammount and felt best advised to keep the agent away from the DC.

others of course prefer to install on the DC's to reduce traffic.

 

even if our user count was 1k or so we would probably still keep the agents seperate as doing any work on a DC involves a mind blowing ammount of change forms and time.

 

by keeping the agents seperate we can modify as and when we like.

 

however... i can see no reason why your DC's would not cope, but if they are currently running at 75%  then perhaps not...

 

you do of course have the option of using local agents on the Palo.

 

so... yes we had issues but probably not the ones you were thinking of...

 

View solution in original post

Highlighted
Cyber Elite

Hello,

There are also policy and compliance requirements to take into consideration. For us we were not allowed to do this so we have a utility server just for this purpose. 

 

Just some thoughts.

Highlighted
L2 Linker

I would put it on a stand alone server. Let your DC be a DC no need to introduce an additional point of failure on it. 

View solution in original post

Highlighted
L1 Bithead

Thanks for responding

Highlighted
L1 Bithead

Thanks for the comment

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!