Verifying Active Directory configuration with ADCheck

The ADCheck command validates the configuration of MainView Middleware Monitor for Active Directory security. This single command runs several tests to ensure that your system is properly prepared.

Related topics

Configuring-Active-Directory-security 

Obtaining-and-installing-an-Active-Directory-server-private-certificate-on-a-client-system

ADCheck command syntax 

ADCheck [-d][-w]

where:

  • -d enables verbose debugging mode. The default is non-verbose debugging.
  • -w writes new security certificate information to the keystore. The default is to not write security certificates into your keystore.

By specifying the -w option, the ADCheck command captures the SSL security certificates that were transmitted by the Active Directory servers. These certificates are then used when connecting to the Domain Controllers in the future.

Note

Using the transmitted security certificate might pose a security hazard to your system. If the certificate was transmitted by some system other than the real Active Directory servers, your system could be vulnerable to a man-in-in-middle attack. The secure alternative is to get copies of the Active Directory SSL security certificates or CA certificates from your network administrator.

If your network is configured with multiple Active Directory servers in a round-robin configuration, ADCheck verifies connections to all servers.

To run ADCheck

Go to the InstallDir, and enter the ADCheck command, and press Enter.

The program then executes several tests to verify the configuration.

If necessary, you can add the option -d, which increases the verbosity of the test results that are run. When all the tests have completed, the message "All tests have completed successfully" is displayed. Your system should be properly configured.

Sample output from a successful ADCheck test

(C) Copyright 1996-2017 BMC Software, Inc.

All Rights Reserved.

Version 8.1.00 (build 410)

Verifying services.cfg

Configuration is using AD for authentication, internal directory for authorization

ADS connection using SSL

Verifying keystore

Keystore appears correct

Verifying keystore

Keystore appears correct

Checking domain controllers

Verifying domain controllers Security Certificates

Server ad.sample.com/172.22.96.45 is reachable, average 297(ms)

Verifying SWS operations

Using Active Directory domain name = ad.sample.com

Verifying service user TopicService

Verifying service user HistoryService

Verifying service user EventService

Verifying service user ProactiveNetService

Verifying service user ReportService

Verifying service user ClientGatewayService

Verifying service user BrowserService

There are 8 Users in the namespace scope

There are 6 Groups in the namespace scope

Checking product functionality

System is keyed for BMC TrueSight Middleware and Transaction Monitor - Performance and Availability and Transaction Monitoring

BTM permissions are adequate

TSMA Security Settings not checked, not configuring ldap

All tests have completed with 0 errors, 0 warnings.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*