2 Replies Latest reply on Jun 27, 2014 7:43 AM by curtisi

    Directory Service Query Tool vs Directory Service Log Connector

    shadowhawk100

      Hello LEM Community ...

       

      I'm a bit confused. What are the nuances between using the Directory Service Query Tool at the appliance level and the Directory Service Log Connector at the Connector-Level?

       

      Is it better to have both or just one of them active in your domain? (I'm wondering if there would be log discrepancies or redundancy that would cause errors/unintended responses with more advanced rule engines.)

       

      Thanks!

        • Re: Directory Service Query Tool vs Directory Service Log Connector
          Lawrence Garvin

          As I understand it...

           

          The Directory Service Query Tool is used to query Active Directory (via LDAP) to return users and groups to create access accounts to use LEM.

           

          The Directory Service Log Connector is used to query the AD logs to return event data.

           

          As far as I know there's no crossover between either. You use the DSQT if you need to create AD-based LEM accounts. You use the DSLC to get AD-specific log data.

          • Re: Directory Service Query Tool vs Directory Service Log Connector
            curtisi

            LGarvin is correct.

             

            The Directory Service Query Tool (with the orange wrench) is how you configure the LEM to reach out to LDAP and pull in information about users (so you can log in with domain credentials) and groups.  It's also how the LEM will perform response actions on AD if your rules call for it, like unlocking or disabling accounts.

             

            SolarWinds Knowledge Base :: How to create LEM console users with domain credentials

             

            The Directory Service Log Connector (the blue wrench) is a reader: it looks for Directory Service logs, and normalizes them for the alert database.

             

            As a note, we use that color code with all connectors: blue connectors are usually passive, gathering data and normalizing it for the LEM. Orange connectors are there to perform some sort of action, which is why the Email Active Response connector is orange, but the Exchange log connectors are blue.

            2 of 2 people found this helpful