Defining the Active Directory/IP Address Scope and Query

When querying for the first time, define the Active Directory/IP address scope, which includes Active Directory objects and IP addresses that the OfficeScan server will query on demand or periodically. After defining the scope, start the query process.

Note:

To define an Active Directory scope, OfficeScan must first be integrated with Active Directory. For details about the integration, see Active Directory Integration.

  1. Go to Assessment > Unmanaged Endpoints.
  2. In the Active Directory/IP Address Scope section, click Define. A new screen opens.
  3. To define an Active Directory scope:
    1. Go to the Active Directory Scope section.
    2. Select Use on-demand assessment to perform real-time queries and get more accurate results. Disabling this option causes OfficeScan to query the database instead of each OfficeScan agent. Querying only the database can be quicker but is less accurate.
    3. Select the objects to query. If querying for the first time, select an object with fewer than 1,000 accounts and then record how long the query takes to complete. Use this data as your performance benchmark.
  4. To define an IP address scope:
    1. Go to the IP Address Scope section.
    2. Select Enable IP Address Scope.
    3. Specify an IP address range. Click the plus or minus button to add or delete IP address ranges.
       • For a pure IPv4 OfficeScan server, type an IPv4 address range.
       • For a pure IPv6 OfficeScan server, type an IPv6 prefix and length.
       • For a dual-stack OfficeScan server, type an IPv4 address range and/or IPv6 prefix and length.

       The IPv6 address range limit is 16 bits, which is similar to the limit for IPv4 address ranges. The prefix length should therefore be between 112 and 128.

       Table 1. Prefix Lengths and Number of IPv6 Addresses

       Length    Number of IPv6 Addresses
       128       2
       124       16
       120       256
       116       4,096
       112       65,536

  5. Under Advanced Setting, specify ports used by OfficeScan servers to communicate with agents. Setup randomly generates the port number during OfficeScan server installation.

    To view the communication port used by the OfficeScan server, go to Agents > Agent Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.

    1. Click Specify ports.
    2. Type the port number and click Add. Repeat this step until you have all the port numbers you want to add.
    3. Click Save.
  6. To check the endpoint’s connectivity using a particular port number, select Declare an endpoint unreachable by checking port <x>. When a connection is not established, OfficeScan immediately treats the endpoint as unreachable. The default port number is 135.

    Enabling this setting speeds up the query. When a connection to endpoints cannot be established, the OfficeScan server no longer needs to perform all the other connection verification tasks before treating endpoints as unreachable.

  7. To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only. The Outside Server Management screen displays the result of the query.
    Note:

    The query may take a long time to complete, especially if the query scope is broad. Do not perform another query until the Outside Server Management screen displays the result. Otherwise, the current query session terminates and the query process restarts.
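
The following is an added example, not part of the OfficeScan documentation or product: a pre-check for the entries planned for the IP address scope in step 4, run before typing them into the console. It assumes IPv4 ranges are written as "start-end" and that they share the 16-bit limit the page states for IPv6; the sample addresses are constructed.

```python
import ipaddress

MAX_BITS = 16                   # range limit the page states for IPv6 scopes
MAX_ADDRESSES = 2 ** MAX_BITS   # 65,536 addresses

def check_entry(entry):
    """Check one planned scope entry; returns (kind, size, ok, reason)."""
    entry = entry.strip()
    try:
        if "-" in entry:  # IPv4 range written as "start-end" (assumed notation)
            first, last = (ipaddress.IPv4Address(p.strip())
                           for p in entry.split("-", 1))
            size = int(last) - int(first) + 1
            if size < 1:
                return ("ipv4", 0, False, "end address is before start address")
            # Assumption: IPv4 ranges share the 16-bit limit given for IPv6.
            ok = size <= MAX_ADDRESSES
            return ("ipv4", size, ok, "ok" if ok else "range exceeds 16 bits")
        # IPv6 "prefix/length"; strict=True rejects prefixes with host bits set.
        net = ipaddress.IPv6Network(entry, strict=True)
    except ValueError as exc:
        return ("invalid", 0, False, str(exc))
    ok = 128 - net.prefixlen <= MAX_BITS  # same as 112 <= length <= 128
    return ("ipv6", net.num_addresses, ok,
            "ok" if ok else "prefix length below 112")

def review_scope(entries):
    """Return (entry, reason) for every entry that falls outside the limits."""
    results = [(e, check_entry(e)) for e in entries]
    return [(e, r[3]) for e, r in results if not r[2]]

# Constructed sample scope using documentation and private address space.
PLANNED_SCOPE = [
    "2001:db8:0:1::/112",
    "2001:db8:0:2::/120",
    "2001:db8::/64",
    "192.0.2.1-192.0.2.254",
    "10.0.0.0-10.1.255.255",
    "198.51.100.50-198.51.100.10",
]

if __name__ == "__main__":
    for entry in PLANNED_SCOPE:
        kind, size, ok, reason = check_entry(entry)
        print(f"{entry:30} {kind:8} {size:>26,} {'OK' if ok else 'FIX'}  {reason}")
```

Entries flagged FIX can be split into several smaller ranges and added one by one with the plus button.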