Adding a domain

Adding an Active Directory domain in Cayosoft Guardian enables change monitoring and data backup for continuous protection against unwanted changes.

This article covers the wizard flow where the product first prompts you to download and connect an AD Connector before continuing with domain configuration.

Before you begin

Make sure you have:

• A domain-joined server in your on-premises Active Directory forest for the AD Connector

• Network access from that server to at least one domain controller

• Local administrator credentials for the AD Connector server

• Access to the Cayosoft Guardian web portal

Adding a managed domain

Add a domain when no AD connector is configured:

1. In the Guardian web portal, start the domain onboarding wizard.

2. In the Add domains and partitions wizard, on the Download AD connector step, review the banner message and click Download to download the AD Connector installer.

   

3. Install the AD Connector on your on-premises domain-joined server.

4. Return to the wizard and proceed to Download AD connector configuration file.

   

5. On the Download AD connector configuration file step, click Download to download the configuration file.

6. On the AD Connector server, open Cayosoft Guardian AD Connector.

7. Sign in to the AD Connector using local administrator credentials.

8. Go to Configuration > Guardian services, then click Connect to Guardian service.

9. Import the configuration file downloaded in step 5, then click Connect.

10. Wait until the connection status shows as established.

11. Return to the web wizard and click Next to continue or go to managed domains and click Add.

    

12. On the Specify connection accounts page, you can either:

1. Provide existing account credentials to add a domain for Forest Recovery and Change Monitoring.

   • Forest name

   • Account name

   • Password

   • AD connector

   NOTE: To configure a specific domain, a separate account for Cayosoft Guardian should be created with domain admin rights.

   

2. Create new custom group Managed Service Accounts. For more information on the permissions, see Planning and preparation: Cayosoft Guardian system requirements .

   • Forest name

   • Account name

   • Password

   • Specify a name for gMSA to be created

   • Add account to privileged g roups to use the automatic rollback feature

1. Click Next.

2. Enable domains and partitions which will be added to the product and click Next.
   
   

3. In case you have enabled the Create new custom connection accounts for only Change Monitoring option, enter Account name for configuring gMSA connection accounts with read-only permissions or configure gMSA connection accounts with elevated permissions, and click Next.

4. Enable Detect who performed changes or/and Start change collection immediately options on Change Monitoring options. Cayosoft Guardian enables native event logging for modifications on the partition to detect who perform changes.
   
   

5. Click Next. The Managed domains and partitions list will open.
   
   

6. Click Close. The added Managed domains will be displayed on the Managed Domains page.
   

Here you can perform the following actions:

• Refresh - refresh the page

• +Add - add a new domain

• Properties - edit the properties of the selected domain

• Check Health - check the health of the selected domain

• Export - export the list in HTML, CSV and JSON formats

• Delete - delete the selected domain

This Active Directory domain will now appear in your list of managed domains in Active Directory on-premises section on the Home tab.

Several collection jobs will be configured, like 'Default AD Backup Job'. By default, jobs are configured in continuous run mode. In case you need to run jobs at specific time, you can modify job settings under the Jobs node. Once the job completes the initial data collection, it would start to collect change records on each run. Navigate to Change Monitoring node to see what was changed in your domain.