Integrate with Active Directory (AD) environments

Windows Script file from umbrella

File: OpenDNS-WindowsConfigurationScript-2024-02-18.wsf

Description: Forwarding DNS logs from Domain Controllers. Configures Domain Controllers (DCs) to send DNS logs to Cisco Umbrella for visibility and logging purposes. Run using the command: cscript <filename> or cscript <filename> --username <sAMAccountName for custom user>

Windows Service (Active Directory Connector)

File: OpenDNS-Windows-Service.zip

Description: Windows Service or Active Directory Connector that integrates with Active Directory. Synchronizes Active Directory structure and users/groups with the Umbrella dashboard.

Cisco Umbrella Root CA Certificate

File: Cisco_Umbrella_Root_CA.cer

Description: Root certificate required for features like Block Page, Intelligent Proxy, and File Inspection. Must be manually installed on AD before running the configuration script and service. Can be deployed to client PCs via GPO.

Roaming Agent for Client PCs

File: OpenDNS-URC-win-3.0.466.zip

Description: Roaming agent for installing on client PCs.

Task in AD

For the WSF script, a username is required. The user should be a member of:

• Enterprise Read-only Domain Controllers
• Event Log Readers (only if deployment includes Virtual Appliances)

The user should also belong to "Domain Users" and "Users" groups.

Deployments / Core Identities

Check and add all gateway IPs for all locations to the core. Change DNS to forward traffic to Cisco Umbrella anycast servers.

To test DNS pointing to Umbrella, flush DNS and check https://welcome.umbrella.com/.

User PC

Install Roaming Agent and Certificate. Certificate installation on client PCs displays a block page for blocked sites instead of an error.

Logging to S3 Bucket

Log to a Cisco-managed or own S3 Bucket to save logs.

Policy Configuration

• Global Allow List: IP address supported
• Global Block List: URL supported with Block List