Discovery: Discover Domains, Accounts, and Endpoints



BeyondTrust Vault is an on-appliance credential store, enabling discovery of and access to privileged credentials. You can manually add privileged credentials, or you can use the built-in discovery tool to scan and import Active Directory and local accounts into BeyondTrust Vault.

For more information, please see BeyondTrust Vault Technical Whitepaper.

Domain Discovery

With the BeyondTrust Vault add-on, you can discover Active Directory accounts, local accounts, and endpoints. Jumpoints are used to scan endpoints and discover the accounts associated with those endpoints.

To learn more about Jumpoints, please see the BeyondTrust Privileged Remote Access Jumpoint Guide.

DNS Name

Enter the DNS name for your environment.


Choose an existing Jumpoint located in the environment where you wish to discover accounts.

Management Account

Select the management account needed to initiate the discovery job. Choose to use a new account, which requires a Username, Password, and Password Confirmation to be entered. Or, choose to use an existing account discovered from a previous job or added manually in the Accounts section. Once an account is selected, click Discover to start the discovery job.


Enter a valid username to use for discovery (username@domain).


Enter a valid a password to user for discovery.

Confirm Password

Re-enter the password to confirm.

You can define which parts of a domain to run a Discovery/Import job. Once you select the required fields for a Discovery Job, you can refine the search by specifying which OU’s to target or entering LDAP queries.

Discovery Jobs

View discovery jobs that are in progress for a specific domain, or review the results of successful and failed discovery jobs.

View Results

View the results of the discovery job from the Discovery Results section, which includes discovered endpoints, discovered local accounts, and discovered domain accounts found on the domain. For each discovered item, a Name and Description are provided. You can select which endpoints and accounts to import and store in your BeyondTrust Vault instance.For each list item you wish to import, check the box beside it and click Import Selected.