CA Client Automation

Expand all | Collapse all

How to use directories in queries with nested goups from AD

Jump to Best Answer
  • 1.  How to use directories in queries with nested goups from AD

    Posted 07-13-2020 11:01 AM
    Hello,

    We would like to ask you regarding a doubt using Directories in CA Client Automation (in this case Active Directory).

    We need to work with the groups existing in AD in order to create groups inside Client Auto. It is easy using queries and dinamic groups, but we don't know how to procced when the members from AD groups are another groups.

    If you create a query using an AD group which members are computers, we don't have any problems, since the query results give us the computers inside the AD group.
    If the AD group used has as members another groups, we don't have results from our queries.
    Please, could you tell us how to procced in these cases?

    These AD groups are dinamics and they have changes during their live, so we can't generate the queries adding/deleting every group inside a parent group when it had changed. We need that our queries change automatically at the same time the AD groups are changed.
    Thank you very much in advanced.

    Best Regards,
    Francisco García

    ------------------------------
    Francisco García
    ITSM Consultant
    Ministerio de Defensa (Madrid)
    ------------------------------


  • 2.  RE: How to use directories in queries with nested goups from AD

    Broadcom Employee
    Posted 07-14-2020 06:17 AM
    Hi Francisco,

    Have you tried checking the "search recursive" checkbox while adding the directory argument?

    Thanks
    Sai Srihari Rao


  • 3.  RE: How to use directories in queries with nested goups from AD

    Posted 07-14-2020 07:11 AM
    Hi Sai Srihari,

    Thank you very much for your answer!!
    I think, I didn't explain well. The option you say "Search Recursive" is available when you select a folder from Active Directory, but it is not my aim.
    What I could like is select a group from AD where their members are another groups (no standalone computers). If I do that, the result of my query is empty.
    I just get results when the group from AD selected has as members computers (no groups).
    Thank you very much!!

    Regards,
    Francisco García

    ------------------------------
    Francisco García
    ITSM Consultant
    Ministerio de Defensa (Madrid)
    ------------------------------



  • 4.  RE: How to use directories in queries with nested goups from AD

    Broadcom Employee
    Posted 07-15-2020 05:33 AM
    Hi Francisco,

    To Do advanced searching of AD you have to use the LDAP interface.

    Rgds,
    Steve.




    ------------------------------
    Senior Principal Engineering Solutions Architect
    Broadcom
    ------------------------------



  • 5.  RE: How to use directories in queries with nested goups from AD

    Posted 07-15-2020 10:57 AM
    Hi Steve,

    Thank you very much for your answer!!
    When you talk about LDAP Interface, is it regarding the directory type on the configuration from configured directory?

    Our configured Directory has 'Active Directory' as type, and 'Active Directory' as Schema. I have tried changing to LDAP type, but I have the same results.
    Please, could you give me some more details?
    Thank you very much in advance.

    Regards,
    Francisco García

    ------------------------------
    Francisco García
    ITSM Consultant
    Ministerio de Defensa (Madrid)
    ------------------------------



  • 6.  RE: How to use directories in queries with nested goups from AD
    Best Answer

    Broadcom Employee
    Posted 07-16-2020 04:50 AM
    Hi Francisco,

    Sorry, i was even confusing my self!

    When you said AD i was thinking WINNT Groups directly from the AD that the Server is a member of. When you use the Directory Integration Wizard you can select a directory type of AD which will allow LDAP based queries. You do not need to specifically add a LDAP directory.

    In the Query builder you will see at least three entries: E.G



    Once you have the AD configured the Engine Job "Default Directory Synchronization Job" must be run successfully before any query will work. 

    Rgds,
    Steve.

    If you would like you can contact me directly and we can do a remote session to run through it.



    ------------------------------
    Senior Principal Engineering Solutions Architect
    Broadcom
    ------------------------------