Active Directory Domain Controller Machines

The Cisco Context Directory Agent monitors the security event log of the Active Directory Domain Controllers in order to retrieve information about user logins and deliver this data to the consumer devices.

Upon startup, CDA reads a time-based window (history) of users that are already logged in. After CDA is up and running, it monitors and retrieves user logins in real time. A connection between CDA and the Active Directory domain controller is required for retrieving the user login events.

To connect to the Active Directory Domain Controllers, the CDA uses an Active Directory user.

An Active Directory user used by CDA must have the required permissions in order to connect to and monitor the Active Directory Domain Controllers.

The Active Directory user used by CDA can be a member of the Domain Admin Group; however, this is not mandatory if you have installed Cisco CDA patch 1 (any future CDA patches would include patch 1 functionality as well).

The connection between CDA and the Active Directory Domain Controller is also authenticated using the MS NTLM protocol. CDA patch 1 supports NTLMv1 and NTLMv2.

Related Topics

 • Permission Required when an Active Directory User is a Member of the Domain Admin Group, page 2-7

 • Permission Required when an Active Directory User is Not a Member of the Domain Admin Group, page 2-7