Your IP:

Our Forums Have Moved!

Visit our new forums at to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.


Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
  1.  permalink
    I am just in the process of evaluating OpenDNS for use by our customers and wondered if someone could answer me a question regarding Active Directory integration?

    Our customers generally want 2 things from Web Filtering/Blocking.

    1) Stop their staff browsing stuff they shouldnt
    2) Looking at who is browsing what

    So my question is, can you integrate OpenDNS with Active Directory on a user/group basis, so our customer can get reports of which of their users is spending the most time on the net and what they are looking at?

    Also can blocking be done on a per user or per group basis? (AD groups/users that is)

    If this is possible how does it work? Is a client side app needed?


    • CommentAuthorrotblitz
    • CommentTimeApr 5th 2011
    OpenDNS identifies your DNS requests by your public IP address(es). There is technically no other way with the DNS protocol. (And you would not really like an external service being able to look into your AD network down to the user/group level, would you? :shocked:)

    That said, you can have as many different filtering groups as you have public IP addresses and as you are able to route certain internally generated DNS requests out to a dedicated gateway (IP address).

    Beside this, I read in a different thread that there is a plan to come up with AD integration at some point, but probably with a different technical solution and most likely for OpenDNS Enterprise only.

    "1) Stop their staff browsing stuff they shouldnt"

    Yes, this is possible.

    "2) Looking at who is browsing what"

    Who - no way. What - to the extend that *all* your DNS traffic will be logged, not only the browser related traffic, unless you're able to separate your DNS traffic generated by browsers from the rest. DNS is not really related to web surfing.

    "Is a client side app needed?"

    Only in case you have dynamic public IP addresses, you would want to run a DDNS updater.
    Thankful People: techmonkey
  2.  permalink
    Hmmm thanks for the reply but thats a real shame. OpenDNS is great and is exactly what we need, but without user reporting and block based on the group a user has membership of it is not much use to our customer base.

    I have tried the argument that what they actually want is to stop staff browsing sites they shouldn't and not to snoop on them, but unfortunately they do want to snoop on them :(

    Oh well the search for a decent easy to use web filter with reporting continues :/
    • CommentAuthorrotblitz
    • CommentTimeApr 5th 2011
    "unfortunately they do want to snoop on them :("

    That would be illegal in the country where I live...
  3.  permalink
    Snooping on LAN users always requires a local solution. But you do run an AD domain...
    • CommentTimeAug 6th 2012
    Though this thread is old, we do have a relevant update: OpenDNS now offers official Active Directory integration. OpenDNS Insights ( offers the same malware and botnet protection as OpenDNS Enterprise, but with the ability to connect to Active Directory for granular per-user filtering and reporting.

    If you're using OpenDNS for Web filtering, you can set up Web filtering policies by user, group or machine. If you're using OpenDNS for malware and botnet protection, you now have additional insight into which specific machines are infected.

    More information at: .

    Thanks for using OpenDNS!

    - Ravi Dehar
    Thankful People: maintenance

This discussion has been inactive for longer than 30 days, and is thus closed.