Configuring Cisco Umbrella Windows AD Connector Part 1

Video Statistics and Information

Captions
Hey YouTube, Network Wizkid here, and in today's video we're going to take a look at how we can configure the Cisco Umbrella Windows Active Directory connector. We're going to do this using the script method on a domain controller, hence the reason why this part of the video is called part one.

Like we always do, we will start off with the main points that I have picked out as part of my ongoing efforts for the CCIE Security. So these are the main points, as I said, that I've picked out. There are probably others, and I will include the links to relevant and useful locations at the end of this slide.

The first one is that the script will run on the domain controller, or the domain controllers if you have more than one. The Windows Active Directory connector can be installed on a non-DC server. So, as I said at the start of this video, there are two methods to install the Windows AD connector: one method is using the script on the domain controller, and a second method, if you don't want to install it on the domain controller, is by downloading some software which you then can install on a domain-joined but non-domain-controller server.

Scripts run the pre-checks before finishing the step. So when you install or run the script, a number of pre-checks will be performed before the configuration is implemented and completed, and if you do not have some of those prereqs the installation could stop. We'll take a look at that later on in the lab when we run this demonstration.

Before configuring the script, or before implementing the script rather, you must have a username configured within the domain. The default username in the script is OpenDNS_Connector. You can change that, but you would have to modify the script itself. The password for that user cannot expire, the password can include backslashes, quotations, chevron brackets or colons, and if deployed across multiple domains the password must also remain the same. The user must also be a member of the following groups: Enterprise Read-only, Event Log Readers (and that's for environments where virtual appliances are used; in our demonstration, and we'll take a look at the topology in a moment, we are using VAs, so we will add this user to the enterprise log readers) and then also Distributed COM Users; we'll also do the same for that.

The steps to configure the Windows Active Directory connector via the script are pretty straightforward. There's just the prerequisites that I mentioned on the previous slide, and I've also included a link to the actual prerequisites recommendations that you can follow just to make sure that all the prereqs are covered for your environment. That link will be shared in the video description at the end. So first of all we need to download the actual Windows Active Directory connector. We then need to create the required user, then we can perform network checks to ensure that the connector, VAs and server can communicate with the Umbrella API. So for instance, if you are running a firewall, or if your connector, server and VAs are behind the firewall, you will need to allow traffic to and from those devices in order to communicate with the Umbrella API. The list of rules, or the list of ports that are required, can be found in the Cisco Umbrella documentation. Number four, we then run the Windows Active Directory connector script, and last of all we verify that the connector is registered with Cisco Umbrella in the dashboard.

For our demonstration today we are going to be using a topology like the one you can see on screen now. Essentially what we have is a client, and although we're not focusing on the client today, we're just focusing on the actual install via the script, essentially what would happen is all DNS requests will pass to the Umbrella VAs, the virtual appliances, which then in turn will either direct those requests, if they're local, to the DNS server inside, or if the requests are external then they will pass them off to the Cisco Umbrella cloud. The synchronization between Umbrella and the connector is also performed, and likewise the synchronization between the connector and the VAs is also performed in the background.

So if we jump now into our lab environment we can start the process. So I'm logged into the Umbrella GUI. We need to first navigate to Deployments, Configuration, Sites and Active Directory, and then what we need to do is, in the upper right corner, press Download, and we should have two options for the Active Directory components. So we'll go ahead and we'll download that.

Okay, now that that's downloaded, what we'll do now is create the Active Directory user. So if I just go to my users, then new user, our username is going to be OpenDNS_Connector. Just give it a first name and a last name of OpenDNS, or in fact we'll do Cisco Umbrella. As I said in the presentation, the password will never expire, so we set that, and we will confirm a password. Okay, so that user has been created now. If we just click on that user and look at the account, we can see the account logon there. Now we need to add that user to the relevant groups. We'll just go to Member Of, Add, and I'll type in Enterprise. Okay, that's fine, so we'll OK that. Now we can see that that one's been added. We'll also add Event Log Readers, we'll add that one, and Distributed, that one there. There we go, so we've added them two as well. Press OK, and then we'll apply that and press OK.

To run a script you need elevated privileges, and we also need to add cscript at the start of the PowerShell command. So what we'll do is open PowerShell with elevated privileges, so I'm running this as an administrator. Okay, so now that's loaded, what we'll do is type cscript, space, and then we'll navigate to our file that we downloaded from Cisco Umbrella, which is here, you can see on the screen, and we'll drag that across into PowerShell and then we'll press Enter.

That starts to run now, as you can see, and now it's asking if we want to auto-configure the configuration for the domain controller. So I'll go ahead and I'll press yes, but before I do that we can see that the server that I'm using at the minute is Server 2019. We can see its IP address as well as its domain, we can see the firewall, whether it's enabled or not, and we can see if the Active Directory user exists, which it does. So that's the user that we created as well. We can also see that Distributed COM is a member of, and Event Log Readers a member of; both of those are set to true. So we'll proceed with this now.

So it's configuring the system access, the remote admin permissions on the firewall, the WMI permissions, our desktop permissions, and it says auto config complete and full. Would you like to register the domain controller? What this is going to do is an API call to Cisco Umbrella, and it's going to register this domain controller, so we'll say yes. As you can see, it's registering with the cloud. You can see registration has been successful, and it's updating the status in the cloud, and you can see there that the update has been successful.

So now if we go back to our Umbrella GUI, you can see that it is displayed as a domain controller in our Cisco Umbrella. We can see the name and the IP address, and we can then assign it to a specific site if we wanted to as well. So that's essentially the configuration for the Cisco Umbrella Windows Active Directory connector using the script method on a domain controller.

Just to finish off, I have some useful links here. I will also post these in the description of the video. If you have any questions, please feel free to reach out to me in the comment section of this video or on any of my social media platforms. If you found this video useful, please subscribe and like, and if you want to stay up to date with the latest videos that I produce you can go ahead and click the notifications tab, and every time I upload new content you will be notified. Until next time, thanks for watching, goodbye.
Info
Channel: Network Wiizkiid
Views: 3,025
Keywords: Network Wizkid, Security, CCNP, CCNA, CCIE, CCIE Security, Cisco, Labs, Cisco Labs, #Cisco, #CiscoUmbrella, #Umbrella, #OpenDNS, #UmbrellaADConnector, #UmbrellaVA, #CiscoUmbrellaLab, DNS, UmbrellaDNS
Id: SG4mPVLSHrU
Length: 14min 28sec (868 seconds)
Published: Fri Apr 24 2020