You can view the traffic between members of defined Active Directory groups and can use this data to fine-tune your firewall rules.

You can either do a quick query using the default search criteria by clicking Search, or tailor the query according to your requirements.

Either vShield Endpoint must be installed in your environment or a domain must be registered with NSX Manager. For information on Endpoint installation, see the NSX Installation and Upgrade Guide. For information on domain registration, see Register a Windows Domain with NSX Manager.

Data collection must be enabled on one or more virtual machines.


Log in to the vSphere Web Client.


Click Networking & Security and then Activity Monitoring.


Select the AD Groups & Containers tab in the left pane.


Click the link next to Originating from.

All groups discovered through guest introspection are displayed.


Select the type of user group that you want to include in the search.


In Filter, select one or more groups and click OK.


In Where AD Group, select includes or excludes to indicate whether the selected AD group should be included in or excluded from the search.


Click the link next to Where AD Group.


Select one or more AD groups and click OK.


Click the During period icon and select the time period for the search.


Click Search.

Search results filtered by the specified criterion are displayed. Click in a row to view information about the members of the specified AD group that are accessing network resources from within the specified security group or desktop pool.

You can export a specific record or all records on this page and save them to a directory in .csv format by clicking the export icon on the bottom right side of the page.