Best Practices for AD Bridge Reporting Tool

Database

AD Bridge Reporting requires a SQL Server database called the AD Bridge Enterprise Database (EDB). Because SQL Server integrates fully with AD, database ownership and rights can be set directly for AD users. SQL Server also supports Integrated Security, which does not require username and password combinations in connection strings.
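Whether a deployment actually benefits from Integrated Security can be checked in its configuration files. The following Python is an added example, not part of AD Bridge or BeyondTrust tooling: it audits SqlClient-style connection strings for stored SQL login credentials versus Integrated Security. The function names, the server and database names, and the sample strings are constructed for illustration.

```python
import re

# SqlClient keyword synonyms, compared case-insensitively.
INTEGRATED_KEYS = {"integrated security", "trusted_connection"}
INTEGRATED_ON = {"true", "yes", "sspi"}
USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}

# key=value pairs separated by ';'; a value may be quoted so it can contain ';'.
_PAIR = re.compile(
    r"""\s*([^=;]+?)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^;]*))\s*(?:;|$)"""
)

# Constructed sample strings (hypothetical host, database and account names).
SAMPLES = {
    "integrated": "Server=sql01.example.test;Database=ExampleEDB;Integrated Security=SSPI",
    "sql_login": 'Server=sql01.example.test;Database=ExampleEDB;'
                 'User ID=report_svc;Password="constructed;value"',
    "leftover": "Data Source=sql01.example.test;Trusted_Connection=Yes;"
                "UID=report_svc;PWD=constructed",
}


def parse_connection_string(conn_str):
    """Return {lowercased keyword: value}; the last occurrence of a keyword wins."""
    pairs = {}
    for m in _PAIR.finditer(conn_str):
        value = next((g for g in m.groups()[1:] if g is not None), "")
        pairs[m.group(1).strip().lower()] = value.strip()
    return pairs


def audit_connection_string(conn_str):
    """Return (auth mode, findings) for one connection string."""
    kv = parse_connection_string(conn_str)
    integrated = any(kv.get(k, "").lower() in INTEGRATED_ON for k in INTEGRATED_KEYS)
    has_user = any(kv.get(k) for k in USER_KEYS)
    has_password = any(kv.get(k) for k in PASSWORD_KEYS)
    findings = []
    if has_password:
        findings.append("password stored in connection string")
    # Windows authentication is used here, but the stale login is still on disk.
    if integrated and (has_user or has_password):
        findings.append("leftover SQL login fields alongside Integrated Security")
    return ("integrated" if integrated else "sql-login"), findings


if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, audit_connection_string(conn))
```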

Collector Servers

AD Bridge Reporting also requires Windows platforms to run the Collector server and Enterprise Database Forwarder. These are the only Windows services that AD Bridge software ships. Best practice for network design and WAN traffic management is to place the Collector servers closer to the AD Bridge agents. If a Collector fails, the AD Bridge agents only need to be pointed to a different Collector for auditing to continue. To allow for this failover, we suggest that the customer build a number of Collector servers equal to or greater than the result of the following formula:

Total Collectors = ((number of AD Bridge Agents) / 400) + 1

Group Policy

To use the full functionality of the reporting solution, BeyondTrust suggests setting all of the Enable AD Bridge Auditing settings in Group Policy, and enabling the Syslog Auditing policy.

Reporting Tool Best Practices Summary

  • Use MS SQL Server RDBMS.
  • Use one Collector for every 400 AD Bridge Agents.
  • Use Group Policy to enforce AD Bridge Reporting Settings.