About Passive Identity Agent Roles

The passive identity agent has the following roles:

• Standalone: A passive identity agent that is not part of a redundant pair. A standalone agent can download users and groups from multiple Active Directory servers and domain controllers, provided the software is installed on all of them.

• Primary: (Primary agent in a redundant pair.) Can be installed on a Microsoft AD domain controller, directory server, or any network client.

  Handles all communication with the Cloud-delivered Firewall Management Center unless it stops communicating, in which case communication is handled by secondary agents.

• Secondary: (Secondary, or backup, agent in a redundant pair.) Can be installed on a Microsoft AD domain controller, directory server, or any network client.

  Monitors the health of the primary agent and takes over if the primary agent stops communicating with the Cloud-delivered Firewall Management Center.

The can monitor several AD domain controllers that art part of the same domain.