Prerequisites
Before installing Authnull Agentless AD, make sure your environment meets the following requirements.
Domain Controller
| Requirement | Details |
|---|---|
| Operating System | Windows Server 2016, 2019, or 2022 |
| Role | Must be installed on a Domain Controller |
| Permissions | Local Administrator on the DC |
| Architecture | 64-bit only |
Install the sensor on every Domain Controller in your environment. Authentication requests are handled by whichever DC the client reaches — a DC without the sensor is a gap in coverage.
Network
| Requirement | Details |
|---|---|
| Outbound HTTPS | Port 443 to api.authnull.com — the sensor communicates with the Authnull backend for policy checks and MFA challenges |
| No inbound ports required | The sensor does not expose any inbound network ports |
To verify connectivity from the DC:
Test-NetConnection -ComputerName api.authnull.com -Port 443
You should see TcpTestSucceeded: True.
Authnull Account
- An active Authnull account with Authnull Agentless AD enabled
- At least one AD domain registered in the Authnull dashboard
- Users enrolled in Authnull MFA with the mobile app installed on their phones
Windows Audit Policy
The sensor reads from the Windows Security Event Log. Make sure audit logging is enabled on the DC:
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
To verify:
auditpol /get /subcategory:"Logon"
The result should show Success and Failure.
Once all requirements are in place, move on to Installation.