AD Bridge 22.1 Release Notes

January 31, 2022

New Features and Enhancements:

  • Logstash/Elasticsearch integration with AD Bridge: This feature adds the capability to send event records to Elasticsearch or Logstash. The Reporting Database Connection Manager has a new section to configure integration points for Elasticsearch or Logstash. Once configured, events are sent to Elasticsearch. Users can query Elasticsearch for events from AD Bridge agents.
    • Timestamps for Elasticsearch/Logstash logging.
    • Logstash/Elastic configurable index suffix.
    • Logstash logging.
    • Send events to Elasticsearch.
    • Logstash credential storage.
    • Logstash: Implement HTTP data sink.
    • Store settings for Logstash endpoints.
    • New section for Elasticsearch in Reporting Database Connection Manager.
  • Reporting roles - scripted permissions: Adds the ability to set up and create the necessary roles required for AD Bridge Reporting, simplifying reporting deployments. Once the database is deployed, an additional script grants the permissions to each of the Active Directory groups in the database.
    • Configuration logging for BTeventreaper.
    • Exceptions in service thread causes DBReaper to become unresponsive.
    • Add User Access report into BMC.
    • Reporting Roles script available in resource folder.
    • Script the recommended groups and permissions for database.
    • Added logs for DBEventReaper in log Directory.
  • DBReaper logging:  BTEventdbreaper now generates logs in C:\Program Data\BeyondTrust\logging and is configurable via the nlog.conf file. Previously, logs were generated by running bteventdbreaper in debug mode via the command prompt.
  • Post install configuration wizard additions:  In 21.1.0, AD Bridge redesigned the installers and moved the Directory Integrated (DI) mode configuration to a new wizard outside of the installers. In 22.1, we expanded this wizard to streamline new deployments and demos. It includes all the steps to setup the user mapping, licensing and reporting.

    Configuration wizard features include:

    • DI Mode Promotion: This allows users to setup DI mode by indexing and promoting attributes to the Global Catalog. This comes with a clean UI to show the changes that will occur.
    • Default Cell: Creates a default cell at the root of the domain.
    • Provision Group to Cell: Select group to provision to the default cell.
    • License Container: Creates a license container at the root of the domain and imports the license.
    • Default GPO: Creates a default GPO at the root of the domain and includes policies in line with the server best practices.

    Other Configuration wizard improvements:

    • Removed GPO refresh interval check.
    • Check to see if default GPO exists.
    • New policy: disable user logon Group Policy processing.
    • Added Default Group Policy.
    • Added import license to Configuration wizard.
    • Added GPO to Configuration wizard.
    • Added logging to Configuration wizard.
    • Added license container to Configuration wizard.
    • Warn against provisioning of domain users.
    • Added provisioning of group to cell.
    • Added cell creation into the Setup wizard.
  • Added Centos Stream 8 SELinux support .
  • Added LAM tester tool.
  • Removed RFC2307 list of LDF files we provide.
  • Removed NIS from DSUtils.
  • Removed NIS mapping from migration tool.
  • Removed NIS permissions from delegation of control and default/named cell tree in Cell Manager.
  • Removed NIS Mapping from Windows.

Issues Resolved:

  • The Config Wizard now detects whether system is joined to a domain.
  • Resolved issue in which Ldbupdate error resulted in assembly message.

Notes:

  • AD Bridge 22.1 supports upgrades from 9.0.2, 10.0, 10.1, 21.x.