Cisco Cisco Firepower Management Center 2000

Type a user name and password with rights to query for user login and logoff data on the Active 
Directory server. To authenticate with a user via proxy, type a fully qualified user name.

By default, the domain for the account you used to log into the computer where you installed the agent 
auto-populates the 

 field.

If your user password contains 65 or more characters, you cannot configure new server 
connections. To regain this functionality, shorten your password.

Enter the domain that the Active Directory server is domain for in the Domain field. 

To detect logins to the Active Directory server, select an IP address from the 

 field. 

The agent automatically populates this field with all IP addresses associated with the server specified in 
the 

 field.

If the 

 field is blank or contains 

localhost

, this field is populated with all IP 

addresses associated with the local host.

Select 

 to enable the user agent to retrieve login events from this Active Directory 

server real-time.

Click 

. 

The server connection definition appears in the list of Active Directory servers. If you have more than 
one server connection configured, you can sort on 

, 

, 

, 

, 

, or 

 by clicking on the respective column headers.

If the agent cannot connect to the Active Directory server at configuration time, you cannot add 
the server. Check that the agent has TCP/IP access to the server, that the credentials you used 
can connect, and that you correctly configured the connection to the Active Directory server. See 

 for more 

information.

Optionally, to change the interval at which the agent automatically polls the Active Directory server for 
user login data, select a time from the 

drop-down list. 

After you save the settings, the next poll occurs after the selected number of minutes elapse, and recurs 
at that interval. If a poll takes longer than the selected interval, the next poll starts in the next interval 
after the poll ends. If real-time data retrieval is enabled for an Active Directory server, and the agent 
loses connectivity with the server, the agent keeps attempting polls until it receives a response and 
real-time data retrieval is available. Once the connection is established, real-time data retrieval resumes.

Optionally, to change the maximum time span polled when the agent first establishes or reestablishes a 
connection to poll an Active Directory server for user login data, select a time from the 

drop-down list.

You cannot save a value in the 

drop-down list less than the 

value selected from the 

drop-down list. The agent does not 

allow saving a configuration that would skip user activity data in each poll.

To save and apply configuration changes to the agent, click 

.

You have the following options:

To add or remove Defense Center connections, select the 

 tab. For more information, 

see