Is there any possibility to use Active Directory users in the PRTG user management for login?

Hi there,

How do we manage the integration? is it with LDAP authentication? The creation of users must follow any specific rule? I just can't find any detailed info in User's Manual / Forum.

Thank You,

Well, have you read the link posted above https://www.paessler.com/manuals/prtg9/active_directory_integration.htm

Hi there,

I've seen the document.

To authenticate in AD i can use different protocols: NTLM, NTLMv2, Kerberos, LDAP... Do you support all of them? I cannot get this answer in the link or in the User's Manual.

Thank you for your support,

Kerberos & NTLM is a protocol-layer to which PRTG has no access using the ADSI (Active Directory Services Interface). However there are different providers which can be supported, the two main ones being LDAP & WinNT, of which WinNT is supported by PRTG.

AD integration appears to be pretty broken, per the following limitation: "If you want to reflect changes to your AD in PRTG, you have to delete the AD user group and all members first. Then add the AD group anew. This is because PRTG does not synchronize with your AD automatically." https://www.paessler.com/manuals/prtg/active_directory_integration

Correct propagation of AD group membership changes for existing users and groups does not happen. Not immediately, not on the "hourly sync schedule" (what does that even do?), and not even once daily. Since AD users are not re-created until they log in to the PRTG GUI (and they won't receive group-based notifications until they do), this presents a problem when you need to change AD group membership since all the users will potentially miss many notifications.

Paessler development has replied that they do not consider fixing this a priority. "I hope you understand that we are not able to allocate development power into the enhancement of the AD integration within PRTG, since the big majority of our users simply is satisfied with the way it is working right now." The only way users could be satisfied with the way AD integration currently works is by only using it for AD password authentication, avoiding finer-grained group-based security, and basing notifications on mail distribution lists. These imply lowered security and higher (redundant) administrative overhead.

I ran into this today. Not syncing AD changes makes no logical sense.

Andrew, thank you for the KB-Post. May I ask which exact issue you ran into? If a user is deleted in the Active Directory, the user shouldn't be able to login to PRTG either, because logins are checked against the Active Directory (only within one hour it's cached for performance reasons).