Import of Active Directory OU
Hello all,
Sorry if Im being thick but is there a way to import just 1 OU which contains 2 pc's into KACE from Active Directory?
Sorry if Im being thick but is there a way to import just 1 OU which contains 2 pc's into KACE from Active Directory?
0 Comments
[ + ] Show comments
Answers (12)
Please log in to answer
Posted by:
pimmo99
12 years ago
Just to add, I'm doing this a little differently with a Custom Inventory field.
This field will tell you the full DN of the OU a machine lives in. The custom inventory text would look like this:
RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine, Distinguished-Name, TEXT)
In return, you will get values like this (examples) (my custom inventory field name is "Domain OU")
1) Domain OU: CN=machinename,OU=Group3,OU=Group2,DC=dc2,DC=dc1,DC=myschool,DC=edu [string]
Note: If a machine is not a member of a domain (AD), this field will not return a value. (as it would be expected)
With this data, I then use Smart labels to find certain machines in certain OUs based on the right string after the CN name (the machine name)
This field will tell you the full DN of the OU a machine lives in. The custom inventory text would look like this:
RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine, Distinguished-Name, TEXT)
In return, you will get values like this (examples) (my custom inventory field name is "Domain OU")
1) Domain OU: CN=machinename,OU=Group3,OU=Group2,DC=dc2,DC=dc1,DC=myschool,DC=edu [string]
Note: If a machine is not a member of a domain (AD), this field will not return a value. (as it would be expected)
With this data, I then use Smart labels to find certain machines in certain OUs based on the right string after the CN name (the machine name)
Posted by:
scottlutz
12 years ago
Dave,
what do you want to ultimately do with these machines? I as as you could use an LDAP label to do this, fairly quickly, but that might not be what you are looking for.....
what do you want to ultimately do with these machines? I as as you could use an LDAP label to do this, fairly quickly, but that might not be what you are looking for.....
Posted by:
dave1kelsey
12 years ago
Essentially we are testing patching before going live throughout the entire company, so wanted to import the 2 pc's that currently reside in this test OU.
Posted by:
scottlutz
12 years ago
That sounds to me like a good candidate for an LDAP label:
1. Create a manual label first
2. Create a new LDAP label, attached to the manual one you just created, that you point to the AD container that holds your machines
3. Patch
4. Down the pub! :)
HTH
1. Create a manual label first
2. Create a new LDAP label, attached to the manual one you just created, that you point to the AD container that holds your machines
3. Patch
4. Down the pub! :)
HTH
Posted by:
dave1kelsey
12 years ago
Ok, created the manual LDAP label and selected "Computer Inventory" as the restrict label usage to filter.
Went to "LDAP labels" and used the LDAP browser to connect to the correct OU and got the following when running a test:
Testing LDAP Label Settings...
Testing connection to: 10.1.1.27 on Port: 389
OK Connection Successful.
OK Setting Protocol Version 3 Successful.
OK Setting LDAP REFERRALS Option 0 Successful.
OK Search Bind using LDAP supplied credentials Successful.
Applying search filter: [(objectclass=*)]
OK LDAP search (with filter) Successful.
OK LDAP Search successful with 3 entries found.
Listing object array of each entry found:
Array ...
Enabled and waited, and all 290 pc's in AD now have the new label name, what am i doing wrong?
Went to "LDAP labels" and used the LDAP browser to connect to the correct OU and got the following when running a test:
Testing LDAP Label Settings...
Testing connection to: 10.1.1.27 on Port: 389
OK Connection Successful.
OK Setting Protocol Version 3 Successful.
OK Setting LDAP REFERRALS Option 0 Successful.
OK Search Bind using LDAP supplied credentials Successful.
Applying search filter: [(objectclass=*)]
OK LDAP search (with filter) Successful.
OK LDAP Search successful with 3 entries found.
Listing object array of each entry found:
Array ...
Enabled and waited, and all 290 pc's in AD now have the new label name, what am i doing wrong?
Posted by:
dave1kelsey
12 years ago
The "search filter" within the LDAP Browser is listed as (objectclass=*) is that what you require?
Posted by:
scottlutz
12 years ago
That is exactly it, and that is what is causing you the issue of all machines being included in the LDAP Label. You will want to make sure you use a variable to pinpoint your results, ie: KBOX_COMPUTER_NAME. Here is a sample to guide you:
Posted by:
RichB
12 years ago
Is the KACE client already installed on those two computers yet? Sounds like an LDAP filter is a long way to get two computer records. You could have manually installed or provisioned those two computers in the time it took me to write this post. Then a manually applied test label would work for patch testing.
Posted by:
RichB
12 years ago
Is the KACE client already installed on those two computers yet? Sounds like an LDAP filter is a long way to get two computer records. You could have manually installed or provisioned those two computers in the time it took me to write this post. Then a manually applied test label would work for patch testing.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.