Installation
This page covers installing the Authnull Agentless AD sensor on your Domain Controller and verifying it in depth. The basic flow is the same two-step wizard documented in Install DC Sensor; this page adds service-account guidance, log-level verification, and rollout notes.
The whole process takes under 10 minutes.
Step 1 — Download the files
In the Authnull dashboard, register the directory with Connect Active Directory, then on the Install DC Sensor step download both files:
sensor.yml— your pre-configured, tenant-specific configurationinstall.ps1— the PowerShell installer
sensor.ymlcontains tenant-specific configuration used to establish trust with the Authnull backend. Do not share it or commit it to version control.
Copy both files into the same folder on the Domain Controller.
Step 2 — Service account
The sensor service requires Local Administrator on the Domain Controller to read the Windows Security Event Log and manage WFP rules. It does not require Domain Admin privileges.
You can run the service under any of the following:
| Option | Notes |
|---|---|
| Local System | Simplest — no account setup required |
| Dedicated local account | Recommended for environments with strict service account policies |
| gMSA | Recommended for larger deployments — automatic password management |
Step 3 — Run the installer
Open PowerShell as Administrator, cd into the folder containing both files, and run:
.\install.ps1
The installer registers the AuthnullDCSensor Windows service (start type automatic) and starts it. No additional configuration is required.
Step 4 — Verify it's running
Confirm the service status:
Get-Service AuthnullDCSensor
You should see the AuthnullDCSensor service with status Running.
Then check the sensor log to confirm it connected to the backend successfully:
Get-WinEvent -LogName Application -MaxEvents 20 |
Where-Object Source -eq 'AuthnullDCSensor' |
Select-Object TimeCreated, Message | Format-List
Look for these lines — they confirm the sensor is active:
Authnull DC Sensor started (mode=monitor, fallback=allow)
Security Event Log monitor active — watching 6 event IDs
Step 5 — Confirm in the dashboard
Go back to Admin → Directory → Identity Providers. Your directory should move from Pending to Running within about 30 seconds of the service starting. If it stays Pending after a minute, see the FAQ and re-check the Prerequisites.
Step 6 — Test in Monitor mode
The sensor starts in monitor mode by default — it detects and logs authentication events without blocking any logins. This lets you verify coverage before enforcing.
Log in to any domain-joined machine using an AD account. In the dashboard you should see the authentication event appear, along with the MFA result.
Once you're satisfied with coverage, switch the relevant AD Policies from Monitor to Online.
Upgrading
Re-download the latest install.ps1 (and sensor.yml if the dashboard prompts you) and run it again, or stop and restart the service around a binary replacement:
Stop-Service AuthnullDCSensor
# apply the update
Start-Service AuthnullDCSensor
Your sensor.yml does not need to change unless the dashboard prompts you to re-download it.
Uninstalling
Stop-Service AuthnullDCSensor
sc.exe delete AuthnullDCSensor
Uninstalling has no impact on Active Directory — no residual configuration is left behind.