Skip to main content
Skip table of contents

Microsoft DNS, DHCP, AD, and Event Log Integration with Universal DDI and Universal Asset Insights (2596)

Scenario

In this lab, you are a systems administrator for an organization that uses a Microsoft Active Directory environment based on the techblue.co forest. The organization wants to integrate its Microsoft infrastructure services with the Infoblox Universal DDI platform to centrally discover and manage Active Directory, DNS, DHCP, and user activity information.

The environment includes the following systems:

System

Role

WEC-Server

Windows Event Collector (WEC) server used to host the Universal DDI Agent and collect Microsoft Event Log data

Windows-Server

Microsoft Active Directory Domain Controller for the techblue.co forest.
This server also hosts Microsoft DNS and Microsoft DHCP services

testing-Windows

Windows client system used to generate user login activity

As part of the integration, you create a Join Token, install and register the Universal DDI Agent, create reusable Microsoft credentials, and configure Microsoft discovery jobs for Active Directory, DNS, DHCP, and Event Log collection.

After the discovery jobs are configured, you generate a domain login event from the testing-Windows client and verify that the Infoblox Portal displays discovered Assets, DNS and DHCP data, and user activity.

Estimated Completion Time

60 minutes

Prerequisites

  • Administrative access to the Infoblox Portal

  • Administrative access to install agents on Microsoft servers

Tasks

Task 1: Creating a Join Token

In the lab environment, from WEC-Server, use the Education Infoblox Portal credentials to log in to the Infoblox Portal and create a new Join Token so the Universal DDI Agent can register to the correct tenant.

Use the following values:

  • Join Token: JT-MS

Task 2: Creating an IP Space

Create an IP space named Microsoft in the Infoblox Portal. You use this IP space later as the destination for Microsoft Dynamic Host Configuration Protocol (DHCP) discovery job.

Task 3: Installing the Universal DDI Agent

Download and install the Microsoft Universal DDI Agent on the WEC-Server VM, use the join token from Task 1 during installation, and then verify that the agent appears online in the Infoblox Portal and change the name of the Agent to Techblue_MSAD

Warning : This lab uses a simplified deployment model because of lab environment constraints. In a production deployment, you should install the Universal DDI Agents on multiple Microsoft servers, each dedicated to one type of discovery. For more information, please see the documentation for Installing Universal DDI Agents.

Task 4: Creating a Microsoft Credential

Create a reusable Microsoft credential in the Infoblox Portal. You use this credential for all Microsoft discovery jobs in the remaining tasks.

Use the following values:

  • Credential name: MS_Credential

  • Username: ibuser@techblue.co

  • Password: infoblox

Task 5: Creating the Microsoft Active Directory Discovery Job

Create a Microsoft Active Directory discovery job that uses the installed Universal DDI Agent, the Microsoft credential from Task 3, and the domain controller at 10.35.22.30 on port 389.

Use the following values:

  • Job name: AD_Discovery

  • Target: 10.35.22.30

  • Port: 389

  • Credential: MS_Credential

Note: This lab uses port 389 to simplify the exercise. In production environments, use the organization’s approved secure directory communication method and security controls.

Task 6: Creating the Microsoft Event Log Discovery Job

Create a Microsoft Event Log discovery job that uses the installed Universal DDI Agent.

Use the following value:

  • Job name: WEC_Event_Discovery

Task 7: Creating the Microsoft DHCP Discovery Job

Create a Microsoft DHCP discovery job that uses the installed Universal DDI Agent, the Microsoft credential from Task 3, the DHCP server at 10.35.22.30, and Read/Write synchronization.

Use the following values:

  • Job name: DHCP_Discovery

  • DHCP server: 10.35.22.30

  • Sync type: Read/Write

  • Credential: MS_Credential

  • Destination IP Space: Microsoft

Task 8: Creating the Microsoft DNS Discovery Job

Create a Microsoft DNS discovery job that uses the installed Universal DDI Agent, the Microsoft credential from Task 3, the DNS server at 10.35.22.30, and Read/Write synchronization.

Use the following values:

  • Job name: DNS_Discovery

  • DNS server: 10.35.22.30

  • Destination DNS View: New DNS View

  • DNS View Name : Microsoft

  • Sync type: Read/Write

  • Credential: MS_Credential

Task 9: Triggering a Domain Login

Log In to the testing-Windows client with the local training account and password infoblox. Run the interface-static-windows.bat script from the Tools folder as an administrator to point the client to the Windows server for DNS, and then Log Out. Log In again with the domain account techblue\training and password infoblox to generate user login activity.

Optional Task: Reviewing Microsoft DNS and DHCP configuration the Windows Server

Log in to the Windows-Server VM and review Microsoft DNS zones, DNS records, and DHCP scope information to become familiar with the local Microsoft management tools and the data synchronized with the Infoblox Portal.

Task 10: Verifying Data in the Infoblox Portal

Verify that the Infoblox Portal displays discovered Assets, DNS zones and records, DHCP scopes, user login activity, and endpoint-to-user mapping.

Check the following areas:

  • Network → DNS

  • Network → IPAM/DHCP

  • Assets → Inventory

Note: In this lab environment, user-login correlation data might not appear immediately after the domain Log In because of lab resource constraints. Wait up to 10 to 15 minutes, refresh the page, and then verify the Users section again.

Solutions

Task 1 Solution: Creating a Join Token

In this task, you create a join token in the Infoblox Portal. The Universal DDI Agent uses this token to register with the correct tenant.

  1. Login to WEC-Server VM using following credentials:

    1. Username: training

    2. Password: infoblox

  2. Use your Education Infoblox Portal Credentials to log into the Infoblox Portal.

  3. Navigate to System → Administration → Join Tokens.

  4. Click Create.

    1. Use JT-MS as the token’s name.

    2. Click Save & Close.

  5. Copy the token string from the popup window on your browser.

  6. Open the text editor Notepad on wec-server and save your join token.

    2026-05-10_18-38-06-20260510-130828.png

Task 2 Solution: Creating an IP Space

In this task, you create a new IP space in the Infoblox Portal. This IP space provides a dedicated destination for Microsoft DHCP data that you discover later in the lab.

  1. Navigate to Network → IPAM/DHCP in the infoblox portal.

  2. Click the Address Spaces horizontal tab.

  3. Click Create and then choose IP Space.

  4. In the Create IP Space window, enter Microsoft in the Name field.

    2026-05-10_18-41-40-20260510-131151.png

  5. Click Save & Close.

Task 3 Solution: Installing the Universal DDI Agent

In this task, you install the Universal DDI Agent for Microsoft on the WEC server. After the installation completes, you verify that the agent appears online in the Infoblox Portal.

  1. From the Infoblox Portal, navigate to System → Downloads.

  2. Select Universal DDI Agent

  3. Click Universal DDI Agent for Microsoft to Download the agent.

    2026-05-08_19-47-01-20260508-141801.png

  4. When the download completes, click Open file to start the installation.

    2026-05-10_18-46-39-20260510-131702.png

  5. When the installer prompts you for input, proceed through the installation screens as needed.

  6. Under RSAT Installation, click Check Installation.

    2026-05-10_18-47-42-20260510-140938.png

  7. A dialog box appears stating that all RSAT modules are installed and available. Click OK and click Next.

  8. Under Credentials, paste the join token that you saved in Task 1.

  9. Click Activate and wait briefly while the installer validates the join token.

    2026-05-10_18-49-17-20260510-141036.png

  10. A dialog box appears confirming that the join token is valid. Click OK and click Next.

  11. Click Install.

  12. If a User Account Control dialog box appears, click Yes.

  13. Click Finish to complete the installation.

  14. In the Infoblox Portal, navigate to Network → Services & Servers → UDDI Agent.

  15. Confirm that the agent status displays as Online. It may take one to two minutes for the agent to appear online.

  16. Click on the Agent Name . From the Right Panel under General Details , click Edit Attributes

    2026-05-10_18-55-45-20260510-144751.png

  17. Edit the Name of the Agent to Techblue_MSAD

    image-20260510-143238.png

  18. Click Save

Warning : This lab uses a simplified deployment model because of lab environment constraints. In a production deployment, you should install the Universal DDI Agents on multiple Microsoft servers, each dedicated to one type of discovery. For more information, please see the documentation for Installing Universal DDI Agents.

Task 4 Solution: Creating a Microsoft Credential

In this task, you create a reusable Microsoft credential in the Infoblox Portal. You use this credential for the Microsoft discovery jobs so you do not need to create a new credential for each job.

  1. Navigate to System → Administration → Credentials.

  2. Click Create.

  3. Choose Microsoft Active Directory as the credential type.

    2026-05-08_19-49-31-20260508-142008.png

  4. Configure the credential with the following values:

  • Name: MS_Credential

  • Username: ibuser@techblue.co

  • Password: infoblox

  1. Click Save & Close.

  2. Confirm that the credential appears in the credentials list.

Task 5 Solution: Creating the Microsoft Active Directory Discovery Job

In this task, you create the Microsoft Active Directory discovery job. This job allows the Infoblox Portal to discover directory objects from the Microsoft domain controller.

  1. Navigate to Integrations → Discovery

  2. On the On-Prem Tab , Click Create and then choose Microsoft → Active Directory.

    2026-05-08_19-52-34-20260508-142308.png

  3. Configure the job with the following values:

  • Name: AD_Discovery

  • Discovery Agent: Techblue_MSAD

  • Target: 10.35.22.30

  • Port: 389

  • Sync Interval: 2h

  • Credential: Choose MS_Credential

    image-20260508-142700.png

  1. Click Next.

  2. Select All Organizations Units by placing a check mark on techblue.co

    2026-05-10_19-03-16-20260510-141621.png

  3. Click Next and Save & Close.

Task 6 Solution: Creating the Microsoft Event Log Discovery Job

In this task, you create the Microsoft Event Log discovery job. This job allows the Infoblox Portal to collect user login activity for correlation and visibility.

  1. Navigate to Integrations → Discovery → On-Prem.

  2. Click Create and then choose Microsoft → Event Log.

    2026-05-08_19-54-002-20260508-142436.png

  3. Configure the job with the following values:

  • Name: WEC_Event_Discovery

  1. Click Next.

  2. In the Universal agent section, select Techblue_MSAD.

    image-20260510-143458.png

  3. Click Next and Save & Close.

Task 7 Solution: Creating the Microsoft DHCP Discovery Job

In this task, you create the Microsoft DHCP discovery job. This job allows the Infoblox Portal to synchronize DHCP scopes from the Microsoft DHCP server.

  1. Navigate to Integrations → Discovery

  2. On the On-Prem Tab , Click Create and then choose Microsoft → DHCP.

    2026-05-08_19-51-27-20260508-142207.png

  3. Configure the initial job settings:

  • Name: DHCP_Discovery

  • State: Enabled

  • Lease Sync: Disabled

  • Sync Interval: Auto

  • Sync Type: Read/Write

  • Destination Federated Realm : Default

  • Destination IP Space: Microsoft

    2026-05-10_19-12-02-20260510-141724.png

  1. Click Next.

Note: Read/Write synchronization is used in this lab to demonstrate integration behavior. In production, validate change-control requirements before enabling write operations.

  1. In the service location section, click Add

  2. For Universal Agent select Techblue_MSAD

  3. Click Add under DHCP Server section, configure the following values:

    1. Type : IP Address

    2. DHCP Server: 10.35.22.30

    3. Credential: Choose MS_Credential

      image-20260512-081218.png

  4. Scroll down and click Save.

  5. Click Next.

  6. Click Save & Close.

Task 8 Solution: Creating the Microsoft DNS Discovery Job

In this task, you create the Microsoft DNS discovery job. This job allows the Infoblox Portal to synchronize DNS zones and DNS records from the Microsoft DNS server.

  1. Navigate to Integrations → Discovery

  2. On the On-Prem Tab , Click Create and then choose Microsoft → DNS.

    2026-05-08_19-54-00-20260508-142422.png

  3. Configure the initial job settings:

  • Name: DNS_Discovery

  • Destination DNS View: New DNS View

  • DNS View Name : Microsoft

  • Sync Interval : Auto

  • Sync Type: Read/Write

    123-20260511-075205.png

Note: Read/Write synchronization is used in this lab to demonstrate integration behavior. In production, validate change-control requirements before enabling write operations.

  1. Click Next.

  2. In the service location section, click Add

  3. For Universal Agent select Techblue_MSAD

  4. Click Add under DNS Server section, configure the following values:

    • Type: IPaddress

    • DNS Server: 10.35.22.30

    • Credential: Choose MS_Credential

      image-20260510-143420.png

  5. Scroll down and click Save.

  6. Click Next.

  7. Click Save & Close.

Task 9 Solution: Triggering a Domain Login

In this task, you generate user login activity from the testing-Windows client. This activity helps populate endpoint-to-user mapping and related event data in the Infoblox Portal.

  1. Swtich to testing-windows client VM.

  2. Login using the following local credentials:

  • Username: training

  • Password: infoblox

  1. Open the Tools folder from the desktop.

  2. Select interface-static-windows.bat, right-click the file, and then click Run as administrator.

    2026-05-10_19-21-28-20260510-143710.png

  3. Log Out of the Windows client.

    2026-05-10_19-22-09-20260510-142054.png

  4. Log In again by using the following domain credentials:

    • Username: techblue\training

    • Password: infoblox

      2026-05-10_19-55-16-20260510-142640.png

  5. After the domain login completes, the WEC server collects the Windows security event. The Universal DDI Agent sends that event to the Infoblox Portal through the Microsoft Event Log discovery job, where it is used for MSAD Event Log Identity Mapping / user login data correlation in Asset Inventory.

Optional Task Solution: Reviewing Microsoft DNS and DHCP Configuration

In this task, you log in to the Windows-Server VM and review Microsoft DNS and DHCP information. This review helps you identify the source of the DNS and DHCP data that is synchronized with the Infoblox Portal.

  1. Switch from the testing-windows VM to the Windows-Server VM.

  2. Login to Windows-Server VM using following credentials:

    1. Username: training

    2. Password: infoblox

  3. Open Server Manager from the taskbar.

    Imag31-20260511-122541.png

  4. In Server Manager, click Tools → DNS.

  5. In the DNS Manager window, expand the server name.

  6. Expand Forward Lookup Zones.

    image-20260511-122605.png

  7. Review the available DNS zones and DNS records.

  8. Expand Reverse Lookup Zones.

  9. Review the available reverse lookup zones and associated records.

  10. Return to Server Manager.

  11. In Server Manager, click Tools → DHCP.

  12. In the DHCP window, expand the DHCP server dc1.techblue.io.

  13. Expand IPv4.

  14. Select the configured DHCP scopes.

    image-20260511-122618.png

  15. Click Address Pool.

  16. Review the configured DHCP address range.

Task 10 Solution: Verifying Data in the Infoblox Portal

In this task, you verify that discovery completes successfully and that user activity data appears in the expected areas of the Infoblox Portal.

  1. Switch to WEC-Server VM.

  2. From Infoblox Portal, Navigate to Network → DNS → Zones.

  3. Click Microsoft.

  4. Confirm that DNS zones and records from Microsoft are visible.

    2026-05-10_19-24-21-20260510-135430.png

  5. Navigate to Network → IPAM/DHCP → Address Spaces

  6. Click Microsoft.

  7. Confirm that DHCP network scopes from Microsoft are visible.

    2026-05-10_19-24-54-20260510-135501.png

  8. Navigate to Assets → Inventory.

  9. Click Advanced Mode.

  10. In the filter field, enter the following text: asset.Providers IN ["Microsoft"]

  11. Click Apply.

    image-20260510-162403.png

  12. Confirm that Microsoft assets are discovered and display in the inventory list.

  13. Click testing-windows from the filtered list.

  14. In the right panel, scroll to the Users section.

  15. Confirm that user login information displays for the asset.

    1.jpg-20260510-153630.png

Note: In this lab environment, user-login correlation data might not appear immediately after the domain Log In because of lab resource constraints. Wait up to 10 to 15 minutes, refresh the page, and then verify the Users section again.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close