Client Management Suite

 View Only

  • 1.  Notification Server - AD Imports

    Posted Jun 22, 2012 08:14 AM

    I was hoping someone could clarify something for me...

    We have two options which relate to AD imports, I was just wondering what each does and what the difference is?

    They are the "Domain Membership/Wins Import" and the "Microsoft Active Directory Import".

    The reason I ask is that we have recently turned off both imports as we have a large number of servers we dont want in the databse but since the switch off our filters which query based on OU no longer seem to be working.

    Any advise much appriciated. Version is NS 7.0

    Cheers

     

     



  • 2.  RE: Notification Server - AD Imports

    Posted Jun 22, 2012 10:30 AM

    Domain Membership enumates accounts from the domain and gets the PC name based on those accounts:
    http://www.symantec.com/business/support/index?page=content&id=HOWTO45512

    AD import lets you be more granular -- enabled vs. disabled objects, which OUs -- and includes OS information:
    http://www.symantec.com/docs/HOWTO45303

    Regarding the filter and query based on OU, can you share the query here?  OU is stored in one place as part of inventory (Inv_ data classes), but in another as part of the AD synchronization (organizational views and groups).



  • 3.  RE: Notification Server - AD Imports

    Posted Jun 22, 2012 10:46 AM

    Thanks Mike. The query I am using is below with the OUNAME changed to one of our real OUs.

    select vc.[Guid],vc.[Name],r.[Distinguished Name] As dn from dbo.vComputer vc      
    join [dbo].[Inv_OU_Membership] r      
    on vc.[Guid] = r.[_ResourceGuid]
    where r.[Distinguished Name] like '%OU=OUNAME%'



  • 4.  RE: Notification Server - AD Imports

    Posted Jun 22, 2012 11:06 AM

    False info, they're totally the same data class.  AD import modifies the Inv_OU_Membership dataclass, and is one reason why computers show as receiving an inventory recently even if they are not actually reporting a Software or Hardware inventory from Inventory Solution.

    In any case, your information in Inv_OU_Membership will be outdated if you have disabled AD imports.  You can select which computers AD import pulls in, so if you want only workstations, then uncheck the 'Servers' OU.  If you want some servers but not others, and they reside in the same OU, then you will need to still import from AD, but not push the agent to these discovered-but-not-managed computers.

    Alternatively, you could try working from the Inv_AeX_AC_Location table's 'Distinguished Name' field, but this is a little trickier.



  • 5.  RE: Notification Server - AD Imports

    Posted Jun 25, 2012 07:47 PM

    The major distinction for me between the 2 aforementioned options is that I needed OS info so was forced to use AD Import since Domain Membership Import doesn't pull in this data.  This option worked out well because as Mike mentioned, you can specify to only import workstations which is what I wanted anyway.