Asset Management Suite


Retiring Inactive Computers that are Disabled in AD 

Oct 15, 2015 05:47 AM

One of the hardest tasks of an Altiris Administrator is maintaining agent coverage across the estate and ensuring all Assets have an accurate status. This article provides a brief guide on how to extend the AD import to include the ‘Enabled’ attribute of computer accounts, and how to compare that data to the last configuration request data of the Symantec Management Agent to determine if there are any assets that should be retired. The problem with relying purely on Altiris data is that you may retire an active asset that has a broken Altiris agent. By comparing the Altiris data to AD you have 2 data points, which allows for more accurate statuses.

This article will cover: creating a custom data class to store the data, assigning the data class to the computer resource type, extending the AD import, creating a report for disabled computers, and creating a CMDB rule to set the Asset Status to retired where appropriate.

Creating the custom data class.

  • In the Symantec Management Console browse to Settings > All Settings > Notification Server > Resource and Data Class Settings > Data Classes > Inventory.
  • Right Click on the 'Custom' folder and select New > Editable Data Class.
  • Provide a logical name for the data class. I have called mine ‘AD_Enabled’ which will in turn create a SQL table named ‘Inv_AD_Enabled’.
  • Click add new attribute.
    • Provide a logical name for the attribute. I have called mine ‘Enabled’ which will create a column of that name in the above SQL table.
    • Select ‘String’ as the Data Type.
    • Select 'Required'.
  • Ensure that 'Multiple Rows' is NOT selected.
  • Click Save Changes

 

Assigning the data class to the Computer Resource Type

  • In the Symantec Management Console browse to Settings > All Settings > Notification Server > Resource and Data Class Settings > Resource Types > Asset Types > IT and select 'Computer'.
  • Scroll to the bottom of the page and select 'Add data classes'.
  • Expand 'Inventory' folder.
  • Expand 'Custom' folder.
  • Select the data class you created above.
  • Click save changes.
  • Untick 'allow edit'.
  • Click save changes.

 

Extending the AD Import

  • In the Symantec Management Console browse to Settings > All Settings > Notification Server and select 'Microsoft Active Directory Import'.
  • On the 'import computer resources' rule select the 'default column mappings' hyperlink.
  • On the left hand side scroll to the data class that you created above and tick it.
  • Set the following options:
    • Import Options: Only if resource is = Any.
    • Import Options: Treat data as = not selected.
    • Attribute Mappings: Enabled - click on (Null)
      • Directory entry attribute = userAccountControl
      • Define Processing Steps = String
      • click OK
    • Click OK
  • Click Save Changes.

N.B. For this to work, the AD import cannot be filtered to computers that are Enabled or to computers that have been active in AD within the last X days.

 

Creating a report

  • In the Symantec Management Console browse to Reports > All Reports. Then Select your custom reports folder.

  • Right Click and select New > SQL Report.

  • Provide the report with a meaningful name. I have called mine ‘Inactive Computers that are Disabled in AD’.

  • In the Parameterized Query tab paste the following SQL (N.B. if you would like users to be able to see all assets regardless of their permissions, remove the parts highlighted in bold):

-- Scope of the user running the report (supplied by the console)
DECLARE @v1_TrusteeScope nvarchar(max)
SET @v1_TrusteeScope = N'%TrusteeScope%'

SELECT vce.Guid AS [ResourceGuid],
       vce.Name,
       -- userAccountControl value imported from AD
       CASE iae.Enabled
            WHEN '4098' THEN 'Disabled'
            WHEN '4096' THEN 'Enabled'
       END AS [Enabled],
       mrt.Request AS [Last Altiris Config Request],
       va.Status
FROM vComputerEx vce
LEFT JOIN Inv_AD_Enabled iae ON iae._ResourceGuid = vce.Guid
-- Most recent configuration request per agent
LEFT JOIN (SELECT ccr.ResourceGuid, MAX(ccr.StartTime) AS Request
           FROM Evt_NS_Client_Config_Request ccr
           GROUP BY ccr.ResourceGuid) mrt ON mrt.ResourceGuid = vce.Guid
LEFT JOIN vAsset va ON va._ResourceGuid = mrt.ResourceGuid
-- No configuration request for more than 30 days, disabled in AD, still Active
WHERE DATEDIFF(day, mrt.Request, GETDATE()) > 30
  AND iae.Enabled = '4098'
  AND va.Status = 'Active'
  -- Scope filter: limits results to resources the current user is permitted to see
  AND vce.Guid IN (SELECT [ResourceGuid] FROM [ScopeMembership]
                   WHERE [ScopeCollectionGuid] IN
                         (SELECT [ScopeCollectionGuid]
                          FROM dbo.fnGetTrusteeScopeCollections(@v1_TrusteeScope)))

  • Click on the Views Tab.

  • Under hidden columns tab click on ResourceGuid.

  • Click on ‘Exclude >>’.

  • Click Save Changes.
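
The report's `iae.enabled = '4098'` test matches one exact userAccountControl value, but the attribute is a bit mask, so a disabled computer account with any additional flag set (for example 4130) would not be listed. The following T-SQL is an added example, not part of the original article: it tests the ACCOUNTDISABLE bit (0x0002) instead, assuming the Enabled column holds the raw decimal userAccountControl string as configured above; the table variable and its rows are constructed sample data.

```sql
-- Constructed sample rows standing in for Inv_AD_Enabled (not real data).
DECLARE @Inv_AD_Enabled TABLE (Name nvarchar(64), Enabled nvarchar(50));
INSERT INTO @Inv_AD_Enabled (Name, Enabled) VALUES
    (N'WS-001', N'4096'),    -- workstation trust account, enabled
    (N'WS-002', N'4098'),    -- workstation trust account, disabled
    (N'WS-003', N'4130'),    -- disabled, PASSWD_NOTREQD (32) also set
    (N'WS-004', N'4128'),    -- enabled, PASSWD_NOTREQD (32) also set
    (N'DC-001', N'532480'),  -- domain controller, enabled
    (N'WS-005', N'');        -- attribute missing or not numeric

-- userAccountControl is a bit mask; 0x0002 (decimal 2) is ACCOUNTDISABLE.
DECLARE @ACCOUNTDISABLE int = 2;

SELECT d.Name,
       d.Enabled AS [Raw userAccountControl],
       CASE
           WHEN d.Uac IS NULL THEN 'Unknown'
           WHEN d.Uac & @ACCOUNTDISABLE = @ACCOUNTDISABLE THEN 'Disabled'
           ELSE 'Enabled'
       END AS [Enabled],
       -- What an equality test on '4098' returns for the same row.
       CASE WHEN d.Enabled = '4098' THEN 'Yes' ELSE 'No' END AS [Matched by = '4098']
FROM (
    -- Convert only values made up entirely of digits; anything else becomes NULL.
    SELECT Name, Enabled,
           CASE WHEN Enabled <> '' AND Enabled NOT LIKE '%[^0-9]%'
                THEN CONVERT(int, Enabled) END AS Uac
    FROM @Inv_AD_Enabled
) d
ORDER BY d.Name;
```

In this sample WS-003 decodes as Disabled although the equality test does not match it, and WS-005 is reported as Unknown rather than being silently treated as enabled.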

 

Retiring the computers via a CMDB rule

  • In the console browse to Settings > All Settings > Notification Server > Connector > CMDB Rules.

  • Right Click CMDB Rules and select New > CMDB Rule.

  • Provide a meaningful name for the CMDB rule. I have called mine ‘Retiring Computers’.

  • From the Resource Type drop down select ‘Computer’

  • From the Target Using drop down select ‘Report’

  • Click on Select Report and on ‘Group’ dropdown browse to the folder containing the report created above.

  • Highlight the ‘Inactive Computers that are Disabled in AD’ Report and Click the ‘>’ button.

  • Click OK.

  • Under ‘Add resource associations to modify’ click ‘select association…’ for forward associations.

  • On the group drop down select ‘Resource Associations’.

  • Highlight ‘Asset’s Status’ and Click the ‘>’ button.

  • Click OK.

  • On the Lookup Key drop down select '<Value>'.

  • On the Key Column Mappings drop down select 'Retired'.

  • On the schedule drop down select ‘At Date/time’.

  • Select a schedule that runs at the same frequency as your AD import and starts after your AD import finishes.

  • Click Save Changes.

Below are links to 2 other articles that will aid in the management of agent coverage;

 https://www-secure.symantec.com/connect/articles/comparing-altiris-data-ad-determine-missing-clients - Comparing Altiris Data to AD to Determine Missing Clients

 

https://www-secure.symantec.com/connect/articles/finding-broken-agents-extending-ad-import - Finding Broken Agents by extending AD Import

 

 
