

Permissions need to be assigned to the AD account on the AD server.
If you only register the AD server on the Palo Alto without additional configuration, the AD server will respond with an error as follows.

To address this, proceed as follows.

The account must also be added to the Log Readers group.

Now, when you log in using an account from the integrated AD domain:

You can verify that the User ID has been updated in Palo Alto:
