Microsoft Active Directory
2025.10.28
This integration is currently in the Alpha testing phase. If you would like to take part in the early stages of testing, please contact your Cisco Duo representative.
Overview
Active Directory (AD) remains the cornerstone of identity management for the majority of enterprises and is a frequent target for identity-based attacks. Cisco Identity Intelligence (CII) provides unified visibility and actionable insights across on-premises and hybrid identity environments by integrating directly with your AD using a secure, open-source PowerShell script.
This document provides a high-level overview, architecture, and the main benefits of AD integration. Detailed setup and technical instructions are maintained in the official GitHub README, which you should consult for the latest configuration steps.
What Problem Does This Solve?
Traditional Active Directory environments often lack unified visibility with cloud or other identity providers, making it challenging to detect risky accounts, misconfigurations, and weak access controls. By integrating Cisco Identity Intelligence (CII) with AD, organizations are able to:
Gain a comprehensive identity inventory by merging on-prem AD users and groups with identities from SaaS, cloud, or other directories, creating a single source of truth for identity management and security analytics.
Detect risks and hygiene issues automatically, such as stale accounts, guest accounts, and non-compliant or weak password practices, reducing attack surface and supporting regulatory compliance.
Classify users flexibly (e.g., service accounts, administrators, executives) through customizable rules, which enhances monitoring, access control, and the enforcement of targeted security policies.
High-Level Architecture
The integration is designed for simplicity, security, and scalability:
Open-Source PowerShell Script: A lightweight script, maintained by Cisco, runs on a server with AD connectivity—no agent installation needed on domain controllers.
Provisioning and Credential Security: A one-time script is used to securely encrypt your CII API credentials on the host machine. Credentials are encrypted and tied to the specific machine for enhanced security.
Data Collection & Sync: The main script queries AD for user and group data, then transfers it securely to Cisco Identity Intelligence using the SCIM protocol.
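The collect-and-sync step above, as an added PowerShell example that is not taken from Cisco's scripts: it maps AD-style user records to SCIM 2.0 User resources (RFC 7643) and emits only allow-listed attributes. The sample records, the `ConvertTo-ScimUser` function and the allow-list are assumptions made for illustration.

```powershell
# Added example, not Cisco's integration script. Maps AD-style user records
# to SCIM 2.0 User resources (RFC 7643) and emits only allow-listed attributes.

# Constructed sample records standing in for Get-ADUser output.
$adUsers = @(
    [pscustomobject]@{
        ObjectGUID = [guid]'11111111-2222-3333-4444-555555555555'
        SamAccountName = 'jdoe'; UserPrincipalName = 'jdoe@example.test'
        GivenName = 'Jane'; Surname = 'Doe'; Enabled = $true
        Title = 'Finance Director'; Description = 'free-text note'
    },
    [pscustomobject]@{
        ObjectGUID = [guid]'66666666-7777-8888-9999-aaaaaaaaaaaa'
        SamAccountName = 'svc-backup'; UserPrincipalName = $null
        GivenName = $null; Surname = $null; Enabled = $false
        Title = $null; Description = 'backup service'
    }
)

# Hypothetical allow-list: the only SCIM attributes permitted to leave the host.
$allowed = @('schemas', 'externalId', 'userName', 'name', 'active')

function ConvertTo-ScimUser {
    param([Parameter(Mandatory)] $AdUser, [string[]] $Allow)
    # Service accounts often have no UPN; fall back to sAMAccountName.
    $userName = if ($AdUser.UserPrincipalName) { $AdUser.UserPrincipalName } else { $AdUser.SamAccountName }
    # Explicit mapping: AD attributes not named here (e.g. Description) are never sent.
    $full = [ordered]@{
        schemas    = @('urn:ietf:params:scim:schemas:core:2.0:User')
        externalId = $AdUser.ObjectGUID.ToString()
        userName   = $userName
        active     = [bool]$AdUser.Enabled
        title      = $AdUser.Title
    }
    if ($AdUser.GivenName -or $AdUser.Surname) {
        $full['name'] = [ordered]@{ givenName = $AdUser.GivenName; familyName = $AdUser.Surname }
    }
    # Emit only allow-listed keys; 'title' is mapped above but dropped here.
    $out = [ordered]@{}
    foreach ($key in $full.Keys) {
        if ($Allow -contains $key) { $out[$key] = $full[$key] }
    }
    return $out
}

# One JSON document per user, ready to be the body of a SCIM POST or PUT.
$adUsers | ForEach-Object { ConvertTo-ScimUser -AdUser $_ -Allow $allowed | ConvertTo-Json -Depth 4 }
```

Reviewing the JSON this produces before enabling a scheduled sync shows exactly which directory attributes would leave the host.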
Setup and Deployment
Create a new integration in the CII UI. To get started, log in to Cisco Identity Intelligence and go to Integrations > Add Integration > Active Directory. Follow the on-screen steps to give the integration a name, add an optional description, and generate your credentials. Once the credentials are generated, download them by clicking the Download json button.
Download scripts and follow README guidance. Next, visit the Active Directory Integration GitHub repository to download the integration scripts and follow the README for detailed guidance on installation, configuration, and customization.
All installation, configuration, and customization steps are documented and updated in the GitHub README. Please refer to the README for:
Prerequisites and permissions
Script download and credential provisioning
Script execution and scheduling (e.g., with Windows Task Scheduler)
Customization options (attribute filtering, user classification, etc.)
Troubleshooting and FAQs
For security best practices, always follow the official guidance in the README regarding credential management and script updates.
Appendix
License: The AD integration scripts are open source, licensed under the Apache License 2.0.
Support: For technical issues not covered in the README, please reach out to Cisco support.