Discovery profile to test adding services
3 weeks ago
I would like to do a test run of a discovery profile to discover Windows server services and the domain accounts that run them. I would like to run it against a Test OU in my AD that has about 70 servers in it rather than the whole AD domain. When I run it, it discovers the servers, but does not add any services. I am running it with a Domain admin account that has access to all servers and is also a Priviledged Access Service Administrator.
3 weeks ago
Welcome to the forums.
Ideally you'd tell us what kind of service (on premises or SaaS) and what version you're using.
It's good to know if you've ever made this work before (have you?). It's different to do a response to illustrate how to do this, vs. do a post for troubleshooting purposes.
However, based on the limited information provided:
a) What type of discovery did you use? (Port Scan or AD)?
b) If you used Port Scan, did you use a discovery account (or multiple accounts) that had rights to interrogate the target systems? (e.g. local admin rights).
b) If you used Active Directory, did the domain account used had local rights to interrogate the target systems? (e.g. local admin rights).
c) In the Actions tab for the discovery profile, were the proper services checked?
e) The targeted systems, do they have any Services, Scheduled Tasks or IIS Application Pools that are using domain or local accounts?
f) What does the log for the discovery profile run say?
The more information we usually get, the better job we can do at trying to provide some feedback.