- Create a new domain user and assign the user to the following builtin groups.
Distributed COM Users
Event Log Readers
Server Operators
- Domain Administrator Privileges are not required
- Login to Each Domain Controller you wish to use for User-ID and perform the following under MMC > WMI Control
- Add the WMI Control Snapin for the local computers and right click on WMI Control (local) and select properties
- Edit the Security settings for CIMV2 by adding your new domain user with the following:
Enable Account
Remote Enable
- Repeat for all domain controllers you wish to monitor
- Under Device > User Identification > User Mapping select the cog next to “Palo Alto Networks User-ID Agent Setup”
- Enter the created user accounts credentials
- Under the server monitoring tab add your Domain Controllers
- Commit your changes
- Verify User ID by entering the following in SSH Command Line
show user ip-user-mapping all
- This will return the users currently associated with User ID