On Premise AD (Deprecated)

This page is for an outdated version of the On Premise AD script and should not be used! Please refer to the instructions here instead:

Please contact Zilla Customer Support team (support@zillasecurity.com) to start configuring On Premise AD and retrieve the required integration details.

Prerequisites:

If you don’t have PowerShell installed on your machine, please refer to this documentation.

Configuring the script for use

  1. Copy the files (ADscript.ps1 and config.yaml) to a directory and cd into that directory.

    1. Create a copy of config.yaml so that the original example configuration is kept for reference.

  2. Open config.yaml in a text editor.

  3. Identify the distinguished name (DN) of the domain, and decide whether you will pull the entire domain into the directory or only certain Organizational Units (OUs). This is defined under the DNS section of config.yaml.

    1. If you are pulling individual OUs, config.yaml needs one line with the DN of each OU, for example:

      - OU=Sales,DC=zillasecurity,DC=com
      - OU=IT,DC=zillasecurity,DC=com

    2. Alternatively, include a single line specifying the DN of the domain, for example:

      - DC=zillasecurity,DC=com

  4. On initial use, run with SftpEnabled = false. This simplifies the first tests by leaving the SFTP server out while you confirm that the necessary data is collected from AD. A file, directory.csv, will be created in the current directory.

Complete the steps below if you are ready to connect the script to SFTP; otherwise continue to “Steps to run the Script”.

  1. Navigate to the Zilla web UI to create the directory application

    1. From Applications, select Add Application, followed by Custom Application.
    2. Name the directory application, and complete any other desired values.

    3. Once created, navigate to Settings > User Directory then click on Add Application.
    4. Select the Custom Application you recently created.

    5. Finally, navigate to Applications, search for and select the Custom Application you created and set as a directory. The Application ID is required for the SFTP configuration; it is found in the URL. Copy the value and replace <application-id> in the config.yaml file.

  2. (Optional for SFTP Only) If using the Zilla SFTP server, an SSH key pair needs to be created. It must be in the RSA format and can be generated by running the following:

    ssh-keygen -b 2048 -t rsa

    This will take you through a few prompts to generate a private and public key pair; the private key should be placed in a secure directory. The public key will need to be shared with Zilla support to configure SFTP authentication.

  3. Update config.yaml to specify the path of the SSH private key, the SFTP username, and the SFTP server hostname.

Steps to run the Script

  1. (Optional for SFTP Only) Open PowerShell with Run as administrator on Windows, or a terminal window on Mac or Linux in which you have started PowerShell with the pwsh command, and enter the command below to install the Posh-SSH PowerShell module for SFTP.

  2. (Optional for SFTP Only) When prompted, press Y to install the Posh-SSH PowerShell module.

  3. Now enter the command below to install the PowerShell module that adds YAML support.

  4. When prompted, press Y to install the PowerShell-YAML module.

  5. Add the config values to the config.yaml file.

  6. Run the script with the command below:

Note:

The private key for SFTP authentication must be in RSA format, not OpenSSH format. You can convert the format with this command:

All steps except the last one are one-time setup. Afterwards you just need to cd into that directory and run the script (the last step).

The script will create a directory.csv file in the current directory and will upload it to the SFTP server if the SftpEnabled option is set to true in the config file.
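As an added pre-flight check, not part of ADscript.ps1 or of this page, the PowerShell below reads config.yaml, validates that every DNS entry is an OU or domain DN and, when SftpEnabled is true, confirms that the private key file is in RSA format rather than OpenSSH format before the script is run. It assumes config.yaml sits in the current directory and that the private key path is stored under a key named SftpPrivateKeyPath (an assumed name; the conversion hint in the error message comes from ssh-keygen's own options, not from this page).

```powershell
# Added pre-flight check; not part of the Zilla ADscript.ps1. Assumes config.yaml is
# in the current directory and uses the keys DNS, SftpEnabled and SftpPrivateKeyPath
# (SftpPrivateKeyPath is an assumed name; match it to the key used in your config.yaml).
$ErrorActionPreference = 'Stop'

function Assert-ModuleInstalled {
    param([string]$Name)
    if (-not (Get-Module -ListAvailable -Name $Name)) {
        throw "PowerShell module '$Name' is not installed (Install-Module -Name $Name)."
    }
}

# The script always needs YAML support; Posh-SSH is only needed when SFTP is enabled.
Assert-ModuleInstalled -Name 'powershell-yaml'
Import-Module powershell-yaml
$config = Get-Content -Raw -Path '.\config.yaml' | ConvertFrom-Yaml

# Every entry under DNS must be a distinguished name: optional OU= components followed
# by at least one DC= component, e.g. OU=Sales,DC=zillasecurity,DC=com.
$dnPattern = '^(OU=[^,]+,)*DC=[^,]+(,DC=[^,]+)*$'
foreach ($dn in @($config.DNS)) {
    if ($dn -notmatch $dnPattern) { throw "DNS entry is not a valid OU/domain DN: '$dn'" }
}

if ($config.SftpEnabled) {
    Assert-ModuleInstalled -Name 'Posh-SSH'
    $keyPath = $config.SftpPrivateKeyPath
    if (-not (Test-Path -Path $keyPath)) { throw "Private key not found: $keyPath" }
    # The first line of the key file tells the formats apart: the script expects an
    # RSA (PEM) key, so an OpenSSH-format key is reported before any SFTP attempt.
    $header = Get-Content -Path $keyPath -TotalCount 1
    switch ($header) {
        '-----BEGIN RSA PRIVATE KEY-----'     { Write-Host "Private key is in RSA format." }
        '-----BEGIN OPENSSH PRIVATE KEY-----' {
            throw "Private key is in OpenSSH format; convert it in place with: ssh-keygen -p -m PEM -f $keyPath"
        }
        default { throw "Unrecognised private key header: $header" }
    }
}
Write-Host "Pre-flight checks passed; run ADscript.ps1."
```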

Help:

Having trouble? Please refer to this documentation.