Documentation

Complete guide to the Ontech Active Directory Management Platform — for administrators and end users.

About the Platform

Ontech AD Manager is a centralized web application for managing an Ontech Active Directory domain. It replaces the need for multiple command-line tools and Windows RSAT consoles with a single, secure web interface that covers directory management, security policy enforcement, event log collection, real-time activity monitoring, and compliance auditing.

User Management

Create, modify, enable, disable, and delete AD user accounts. Reset passwords and manage group memberships.

Computer Management

Track domain-joined machines, manage computer accounts, and monitor endpoint connectivity via agents.

Policy Enforcement

Define role-based security policies and enforce them on endpoints with automated violation detection.

Event Logs

Collect Windows event logs from endpoints via WinRM or lightweight agents and search them centrally.

Activity Monitoring

Track application usage, network connections, and file system activity across managed computers.

Security Alerts

Real-time alerts for policy violations, unauthorized access, and agent health issues with email notifications.

Audit Trail

Complete, tamper-evident log of every administrative action for compliance and forensic investigation.

DNS & GPO

Manage DNS zones and records, view and link Group Policy Objects — all integrated with Samba AD.

Architecture

The platform consists of three main components:

[Diagram: Endpoints (Windows & Linux agents) | AD Manager (FastAPI + Flask) | Samba AD DC + PostgreSQL]

  1. Agents on endpoints collect event logs, enforce policies, monitor activity, and report violations.
  2. AD Manager processes incoming data, evaluates security rules, triggers alerts, and provides the web UI.
  3. Samba AD DC handles all directory operations (users, groups, computers, DNS, GPOs). PostgreSQL stores audit logs, policies, and event data.

Getting Started

Signing In

  1. Navigate to ad.ontech.co.zm and click Sign In.
  2. Enter your Active Directory username and password.
  3. If two-factor authentication (2FA) is enabled, enter the 6-digit code from your authenticator app.
  4. You'll be redirected to the Dashboard (admins) or My Devices (standard users).

Account lockout: After 5 consecutive failed login attempts, your account is temporarily locked for 15 minutes. An administrator can unlock it sooner from the user management page.

Two User Roles

Role | Access | Description
Admin | Full platform access | Manage all AD objects, policies, alerts, agents, and audit logs.
User | My Devices only | View event logs and activity on assigned computers. Change password and manage 2FA.

Dashboard

The admin dashboard provides a real-time overview of the entire AD environment:

  • Stat cards — total users, computers, groups, and managed agents with online/offline counts.
  • Alert banner — unacknowledged security alerts grouped by severity with quick-filter links.
  • Activity summary — app, network, and file event counts from the last 24 hours.
  • Agent health — table of all agents showing computer, OS, version, status, and last check-in time.
  • Recent violations — latest policy violations with severity, type, computer, and user.
  • Domain info — domain DN, functional level, and creation date.
  • Recent audit activity — the last 10 administrative actions.

User Management

Listing & Searching

The Users page displays all domain accounts in a searchable table showing username, email, status, and creation date. Click any row to open the detail page.

Creating a User

Click New User and fill in:

Field | Required | Description
Username | Yes | AD login name (e.g. john.doe)
Password | Yes | Must meet domain password policy (min 8 chars, mixed case, digit)
First / Last Name | No | Display attributes
Email | No | Mail attribute
Description | No | Free-text description
Organizational Unit | No | Where to create the account (defaults to Users container)

User Detail Actions

  • Edit — modify display name, first/last name, email, description.
  • Enable / Disable — toggle the account status in AD.
  • Reset Password — set a new password for the user.
  • Unlock Account — clear failed-login lockout so the user can sign in immediately.
  • Disable 2FA — remove TOTP enrollment (the user can re-enroll afterwards).
  • Group Membership — view current groups, add to or remove from groups via dropdown.
  • Delete — permanently remove the account from the domain (with confirmation).

Computer Management

Browse all domain computer accounts. Each entry shows name, OS, IP, status, agent version, and last logon.

  • New Computer — create a computer account with a name, optional description, and OU.
  • Enable / Disable — toggle the computer account in AD.
  • Delete — remove the computer from the domain.

Computers with a registered agent display additional system info (OS version, IP, architecture) reported by the agent.

Groups & Organizational Units

Groups

Create and manage security and distribution groups. The group detail page shows type, scope, member list, and allows adding/removing members.

Organizational Units

Browse and manage the OU hierarchy. Create new OUs specifying name, description, and parent. The detail page shows child OUs and contained objects.

DNS & GPOs

DNS Management

Manage DNS zones integrated with Samba AD. Click a zone to view records (A, AAAA, CNAME, MX, SRV, TXT). Add or delete records with type, name, value, and TTL.

DNS names are validated to prevent injection. Only alphanumeric characters, hyphens, underscores, dots, and @ are allowed (max 253 characters).
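
The allow-list described above, written out as an added example (not the platform's own code). The function names and sample inputs are constructed for illustration; Python is used because the page names FastAPI and Flask.

```python
import re

MAX_LEN = 253                                   # limit stated in the documentation
ALLOWED = re.compile(r"[A-Za-z0-9._@-]+")       # explicit ASCII allow-list
RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "SRV", "TXT"}   # types the page lists


def check_dns_name(name):
    """Return (ok, reason); reason is '' when the name is accepted."""
    if not isinstance(name, str) or name == "":
        return False, "empty or not a string"
    if len(name) > MAX_LEN:
        return False, "longer than %d characters" % MAX_LEN
    # fullmatch() anchors both ends. A pattern written as ^...$ and used with
    # match() would accept "host\n", because $ also matches before a final newline.
    if ALLOWED.fullmatch(name) is None:
        bad = sorted({c for c in name if ALLOWED.fullmatch(c) is None})
        return False, "disallowed characters: " + " ".join(repr(c) for c in bad)
    return True, ""


def check_record(rtype, name):
    """Validate record type and name together, as a form handler would."""
    if rtype not in RECORD_TYPES:
        return False, "unsupported record type"
    return check_dns_name(name)


# Constructed inputs (not taken from the product) showing what the rule stops.
# "caf\u00e9" passes str.isalnum() but not the ASCII class used here.
SAMPLES = ["www", "@", "_ldap._tcp.dc", "host\n", "a;b", "x" * 254, "caf\u00e9"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:20]), check_dns_name(sample))
```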

Group Policy Objects

View GPOs defined in the domain including GUID, configuration status, version, and linked OUs. Link or unlink GPOs from OUs or the domain root.

Policy Management

Policies define role-based access and security enforcement rules on managed computers. They are pushed to and enforced by agents installed on endpoints.

Quick Assignment

Use Policies > Assign User for the fastest workflow:

  1. Select the target computer from registered agents.
  2. Choose a principal (user or group to assign).
  3. Select a role — Admin, Power User, Standard, Remote Desktop, or Custom.
  4. Optionally apply a policy template with predefined security rules.
  5. Click Assign. The policy syncs to the agent on next check-in.

Custom Rules

When using the Custom role, granular enforcement rules are available:

Category | Controls
Admin Restriction | Prevent access to local administrator groups
Application Control | Whitelist or blacklist specific executables
Device Control | Block USB storage and external devices
Network Restrictions | Allowed outbound ports and destination hosts
Session Limits | Maximum login session duration
Service Control | Enable or disable Windows services
Firewall Rules | Inbound and outbound firewall entries
Local Groups | Manage local group memberships on endpoint

Templates

Reusable rule sets for common scenarios. Create, edit, and delete templates, then apply them when assigning policies.

Sync Logs

View the history of policy synchronizations. Each entry shows computer, sync type, status, policies applied/failed, duration, and agent version. Expand rows for enforcement details.

Alerts & Audit

Security Alerts

Alerts aggregate security events from agents and the platform. Filter by computer, type, severity, or status. Click a row to view the full message and details. Click Acknowledge to mark an alert as reviewed.

Severity Levels

Level | Meaning
Critical | Immediate security threat — requires action now
High | Serious issue — investigate promptly
Medium | Important but not urgent
Low | Minor issue for awareness
Info | Informational only

Email Notifications

Configure SMTP settings in Alerts > Settings to receive email notifications for critical and high-severity alerts. Enter your mail server host, port, credentials, and recipient address.

Audit Log

Every administrative action is logged with timestamp, username, action, category, target, and source IP. Filter by user, action, category, or date range. Export filtered results as CSV for compliance reporting.

Categories: auth, user, computer, group, ou, dns, gpo, policy, agent

Event Logs

The Event Logs page lists all managed computers with registered agents. Click a computer to view its collected logs.

Filtering

  • Log Name — Security, System, Application, PowerShell
  • Level — Error, Warning, Information, Audit Success, Audit Failure
  • Event ID — specific Windows event ID
  • Date Range — from/to date pickers
  • Search — free-text search across messages

Click a row to expand full event details. Use Export CSV to download.

Collection Methods

  • Agent push — agents automatically forward logs to the server (recommended).
  • WinRM pull — the server connects to the endpoint via WinRM to fetch logs on demand.

Activity Monitoring

Agents collect three types of activity data from endpoints, viewable via tabs on the computer detail page:

App Usage

Applications run on the computer — process name, executable path, PID, user, start time, and duration. Filter by username, process name, or date range.

Network Activity

Network connections and DNS queries — event type, local/remote addresses, hostname, protocol, process. Filter by user, event type, hostname, process, or date range.

File Activity

File system events — create, read, write, delete, rename. Shows full path, process, and user. Filter by user, event type, file name, process, or date range.

Agent Deployment

Windows

  1. Register the computer in Event Logs > Register Agent. Copy the generated API key.
  2. Download the agent ZIP from Policies > Agent Setup.
  3. Extract the ZIP on the target machine and edit config.json with the server URL and API key.
  4. Run install.bat as Administrator and start the ADManager service.

Linux

  1. Register the computer (same process as Windows).
  2. Run the install.sh script with root privileges.
  3. Edit /etc/admanager/config.json with server URL and API key.
  4. Start the service: systemctl start admanager-agent.

The API key is shown only once at registration. Store it securely before closing the dialog.

My Devices (Standard Users)

Standard (non-admin) users see only the My Devices page. It shows computers assigned to you by your administrator. Each device card displays the computer name, OS, IP address, agent status, and last check-in time.

  • Online — the agent checked in within the last 10 minutes.
  • Pending — the agent has not checked in yet or is offline.

If you don't see any devices, contact your administrator. They need to create a policy assigning your account to the target computer.

Viewing Logs & Activity (Standard Users)

Click a device card to open its detail page. Use the tabs to switch between:

  • Event Logs — Windows event logs with filters for log name, level, event ID, date range, and free-text search. Export as CSV.
  • App Usage — applications run on the computer with user, process, path, PID, and duration.
  • Network — network connections including DNS queries, TCP connections, hostnames, and processes.
  • Files — file system events (create, modify, delete, rename) with full paths and processes.

Each tab supports filtering and pagination. You can only access computers assigned to you.

Authentication

AD Manager uses your Active Directory credentials. Authentication is secured with:

  • JWT tokens with short expiry for API requests.
  • Secure session cookies (HttpOnly, Secure, SameSite=Lax).
  • 30-minute idle timeout — sessions expire automatically after inactivity.
  • Account lockout — 5 failed attempts trigger a 15-minute lockout.
  • Rate limiting on login endpoints to prevent brute-force attacks.
  • Optional TOTP two-factor authentication.
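
The lockout rule above (5 consecutive failures, 15-minute lock, admin unlock) as an added example; it is not the platform's own code. The class name, the in-memory storage and the injectable clock are assumptions made so the timing can be exercised.

```python
import time

MAX_FAILURES = 5            # consecutive failures before lockout (from the page)
LOCKOUT_SECONDS = 15 * 60   # lockout duration (from the page)


class LoginLockout:
    """In-memory tracker; persistence and rate limiting are out of scope here."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so the timing can be tested
        self.failures = {}          # account key -> consecutive failure count
        self.locked_until = {}      # account key -> time the lock ends

    @staticmethod
    def key(user):
        # AD logon names are case-insensitive, so "John.Doe" and "john.doe"
        # must share one counter or the limit can be sidestepped.
        return user.strip().casefold()

    def is_locked(self, user):
        until = self.locked_until.get(self.key(user))
        if until is not None and self.clock() >= until:
            self.unlock(user)       # lock expired: start from zero again
            return False
        return until is not None

    def record_attempt(self, user, password_ok):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if self.is_locked(user):
            # A correct password during the lockout is still refused, so the
            # response gives no signal about whether the guess was right.
            return "locked"
        k = self.key(user)
        if password_ok:
            self.failures.pop(k, None)      # "consecutive" resets on success
            return "ok"
        self.failures[k] = self.failures.get(k, 0) + 1
        if self.failures[k] >= MAX_FAILURES:
            self.locked_until[k] = self.clock() + LOCKOUT_SECONDS
            return "locked"
        return "failed"

    def unlock(self, user):
        """Admin 'Unlock Account' action: clear both the lock and the counter."""
        self.failures.pop(self.key(user), None)
        self.locked_until.pop(self.key(user), None)
```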

Two-Factor Authentication (2FA)

TOTP-based 2FA adds a second verification step using a time-based code from an authenticator app.

Setting Up 2FA

  1. Click 2FA Settings in the sidebar footer.
  2. Click Enable 2FA to generate a QR code.
  3. Scan the QR code with your authenticator app (Google Authenticator, Microsoft Authenticator, Authy, etc.).
  4. Enter the 6-digit code from the app to confirm enrollment.

After enabling, you'll be prompted for a TOTP code after each password login.

Codes rotate every 30 seconds. If verification fails, wait for a fresh code and ensure your device clock is accurately synced.
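
Why an unsynced device clock breaks verification, shown with a standard RFC 6238 TOTP computation. This is an added example, not the platform's code: the `window` parameter and `skew_demo` helper are assumptions, and the secret is the RFC test value rather than a real enrollment.

```python
import hashlib
import hmac
import struct

PERIOD = 30   # seconds per code, as stated on the page
DIGITS = 6    # code length, as stated on the page


def totp(secret, unix_time, period=PERIOD, digits=DIGITS):
    """RFC 6238 TOTP using HMAC-SHA1."""
    counter = int(unix_time) // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, server_time, window=0):
    """Accept `code` if it matches any step within +/- `window` of server time.

    `window` is an assumption of this example; the page does not say how much
    clock drift the platform tolerates.
    """
    for step in range(-window, window + 1):
        expected = totp(secret, server_time + step * PERIOD)
        # Constant-time comparison of the two codes.
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


# Constructed scenario using the RFC 6238 test secret.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111109


def skew_demo(device_skew_seconds, window):
    """Code generated on a device whose clock is off, checked by the server."""
    code = totp(SECRET, SERVER_TIME + device_skew_seconds)
    return verify(SECRET, code, SERVER_TIME, window)
```

With no tolerance, a device running 20 seconds fast is already in the next 30-second step here and its code is rejected; a one-step window accepts it.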

Password Management

Changing Your Password

  1. Click Change Password in the sidebar footer.
  2. Enter your current password for verification.
  3. Enter and confirm a new password meeting the requirements.
  4. Click Change Password.

Requirements

  • Minimum 8 characters
  • At least one uppercase letter (A–Z)
  • At least one lowercase letter (a–z)
  • At least one digit (0–9)

Role Reference

Windows Endpoint Roles

Role | Local Groups | Access Level
Admin | Administrators | Full system access — install software, manage services, system config
Power User | Power Users | Elevated permissions, some administrative capabilities
Standard | Users | Run applications, no system changes
Remote Desktop | Remote Desktop Users + Users | RDP access with standard permissions
Custom | Defined in policy rules | Custom group memberships, app control, device restrictions

Linux Endpoint Roles

Role | Groups | Sudo Access
Admin | admanager_admins | ALL commands
Power User | admanager_power, adm | Limited sudo
Standard | admanager_users | None
Remote Desktop | admanager_users | None
Custom | Defined in policy | Custom sudoers rules

Violation Types

Type | Description | Example
admin_escalation | User attempted to join an admin group | User added themselves to local Administrators
blocked_app | Blacklisted application was executed | User ran a prohibited executable
blocked_command | Denied command or script was run | User executed a restricted PowerShell command
usb_attached | USB storage device was connected | USB flash drive plugged in on a restricted machine
network_violation | Connection to disallowed host or port | Outbound connection on a blocked port
session_violation | Session exceeded duration limit | User logged in beyond the configured time window

Troubleshooting

Cannot Log In

  • Verify username and password are correct, and Caps Lock is off.
  • "Account temporarily locked" — wait 15 minutes or ask an admin to unlock from the user detail page.
  • "Account disabled" — an admin must re-enable the account under Users.

2FA Code Not Working

  • Ensure your device clock is accurately synced (TOTP is time-sensitive).
  • Wait for a fresh code — codes rotate every 30 seconds.
  • Ask an admin to disable your 2FA so you can re-enroll.

Agent Not Connecting

  • Verify network connectivity to the server.
  • Check agent logs:
    • Windows: C:\ProgramData\ADManager\agent.log
    • Linux: /var/log/admanager/agent.log
  • Verify the API key in config.json matches the registration key.
  • Ensure firewall allows outbound HTTPS to the server.

Policy Not Applying

  • Confirm the policy is enabled in the Policies list.
  • Check Sync Logs for errors on the target computer.
  • Verify the agent shows Online status.
  • Review for priority conflicts (lower number = higher priority).

No Devices Showing for a User

  • An admin must create a policy assigning the user or their group to the computer.
  • The computer must have a registered, enabled agent.
  • The policy must be enabled.