This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Scanning Target Not Saving, Disappears after Selecting OK after Adding new Scanning Target

Go to solution
Jmartinr
Engaged Sweeper II

‎11-23-2023 10:45 PM - last edited on ‎03-31-2024 03:20 PM by Community Manager

Hello,

Trying to configure a new Active Directory User/Group Path scanning target. 

After I fill in the required information (Scanning Type, Asdi Path, Domain & Description) and click OK, the window closes and it does not create a new scanning target. I can tell because the list of total scan targets does not change, I have also tried filtering for all Active Directory User/Group Path scanning targets and none appear. 

Any advice is appreciated. 

Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
Jmartinr
Engaged Sweeper II

‎11-29-2023 07:54 PM

Lansweeper support has confirmed that this is a known bug, with no ETA on a fix. 

Thanks for your help @jduke_halls , I appreciate your quick responses!

View solution in original post

7 REPLIES 7
Go to solution
Mister_Nobody
Honored Sweeper II

‎11-30-2023 05:18 AM

Oh, LS 11.1 is very buggy.

0 Kudos
Go to solution
Jmartinr
Engaged Sweeper II

‎11-29-2023 07:54 PM

Lansweeper support has confirmed that this is a known bug, with no ETA on a fix. 

Thanks for your help @jduke_halls , I appreciate your quick responses!

Go to solution
jduke_halls
Engaged Sweeper III

‎11-28-2023 10:59 PM

If you haven't already, you're also going to want to set up an "Active Directory Domain" scan target: https://community.lansweeper.com/t5/scanning-your-network/scan-an-active-directory-domain-scanning-t.... You won't need to add the OU filters to the AD scan itself, since you already have the other scan for the User/Group Path.

If you're on-prem AD Scanning, I recommend setting up a preferred Domain Controller and LDAPS for your domain. Default port for LDAPS is 636 - Best practice in Microsoft-land. It's a little beyond halfway down on your Scanning Methods page. There's even a "Test" to make sure everything is working correctly in the LDAP(S) area.

If you're using Active Directory Certificate Services to generate certs across your environment, you'll want to make sure your LanSweeper Scanning server has the ADCS CA cert that your AD generated in the Trusted Root Authorities in Certificate Management for the Computer Certificate store. 

0 Kudos
Go to solution
Jmartinr
Engaged Sweeper II
In response to jduke_halls

‎11-29-2023 02:17 PM

Hi there, thanks for your response

You're correct, we already have an Active Directory Domain scan target, which has been in place for a while, using on-prem AD. We also already have a preferred domain controller configured. 

In our AD Domain scanning target, there are no OU or Site filters, so as I understand it should also be scanning AD groups? 

This is the result I get when running the "Domain Computers and their AD groups" report.

 

Jmartinr_1-1701263850599.png

It's the same for all line entries in this report, all attributes relating to AD groups are blank.

0 Kudos
Go to solution
jduke_halls
Engaged Sweeper III
In response to Jmartinr

‎11-29-2023 02:39 PM

Yeah, at minimum, you should likely be getting the Domain Computers account.

In your ADSI path for your scanning target on the AD User/Group path, are you using the root of the domain being scanned (i.e. DC=subdomain,DC=sampledomain,DC=local) or are you mapping to a specific OU (i.e. OU=Network Users,DC=subdomain,DC=sampledomain,DC=local)?

If you're mapping to a specific OU, you may need to add more OUs to make sure the scanning captures all the data needed. So in the example below, Groups and Users are in separate OUs

DC=subdomain,DC=sampledomain,DC=local
├── Network Computers
│   └── # OUs for computer types
├── Network Groups
│   └── # OUs for type of groups
├── Network Users
│   └── # OUs for user types
├── Users
│   └── # Default AD location with built-in AD Groups
...

In this case, if I don't go to the root level and want to capture all of my OUs, I'll have to add 4 different User/group paths to make sure that everything can be scanned and associated together

  • OU=Network Computers,DC=subdomain,DC=sampledomain,DC=local
  • OU=Network Groups,DC=subdomain,DC=sampledomain,DC=local
  • OU=Network Users,DC=subdomain,DC=sampledomain,DC=local
  • OU=Users,DC=subdomain,DC=sampledomain,DC=local

The "easy" way would be to use the root of the domain (DC=subdomain,DC=sampledomain,DC=local), but as admins, we should err toward giving scanners the least amount of privileges needed to accomplish what we're trying to do.

0 Kudos
Go to solution
Jmartinr
Engaged Sweeper II
In response to jduke_halls

‎11-29-2023 02:51 PM - edited ‎11-29-2023 02:53 PM

Hello Jduke,

Part of the issue is that when trying to set a new AD User/Group path scanning target, it just simply does not add the scanning target once the OK button is selected to create the target. I'm able to add other scanning target types no problem.

The scanning target list does a quick re-fresh after OK is pushed but the total number of targets does not go up, nor does the target get added to the list. I had presumed this was because we are already scanning for AD groups using the AD Domain scanning target type. 

I've tried adding the specific ADSI path to the OUs I want scanned using the AD User/Group target type, as well as simply the root to the domain as the ADSI path, but both paths refuse to take, and the same behavior is observed where the new scanning target is not added. 

Thanks for your help with this, it's really appreciated. 

0 Kudos
Go to solution
jduke_halls
Engaged Sweeper III
In response to Jmartinr

‎11-29-2023 03:47 PM

The behavior of saying it's in the scanning queue and not being there on the AD User path is normal. Also, just to make sure, when you scan your AD paths, did you enable the scanning interval? Are you logging Active Directory security events to a SIEM and can you see the activity from your LanSweeper server?

If those are all good, it sounds like it could be a bug. I know that since version 11 came out with the new scanning engine that there have been some issues with AD Scanning.

We had a major issue where we turned off the LanSweeper server/scanner on 11.1.1.3. After the update to 11.1.2.1, we don't seem to have any problems currently with the AD side of things.

We'll likely be updating to 11.1.3.0 sometime soon, just a little twitchy about updating after the 11.1.1.3 debacle.

If you want to engage LanSweeper support in this: https://www.lansweeper.com/contact-support/. They have a couple things that will help them diagnose (screenshots, video, gatherlogs) listed on the page that will hopefully get you an answer as to what's happening.

0 Kudos

Reports & Analytics

Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now