Client Management Suite

  • 1.  AD Import Anomaly

    Posted Oct 02, 2020 08:10 PM
    Perhaps it's my misunderstanding of how the Microsoft Active Directory Import function is supposed to work, but I happened to come across a couple of similarly named Win10 computers where I couldn't find one of them in All Computers. These are laptops and both are in the same OU in AD, where I have my AD import set to search this OU along with the main Computers one. Can anyone think of why one of these machines (even if the Altiris Agent wasn't on it) would not be in the database? I have my managed client purge set to remove after 1 month, so if this did happen (e.g. this computer did have Altiris on it), wouldn't the AD import pull the machine object into the database so it'll be shown as an unmanaged client?

    ------------------------------
    City & County of Honolulu: DIT
    ------------------------------


  • 2.  RE: AD Import Anomaly

    Broadcom Employee
    Posted Oct 05, 2020 02:44 AM
    Edited by Igor Perevozchikov Oct 05, 2020 03:18 AM
    Hi Clint!

    1. What version of NS are you using?
    2. You can check these computers in the database; try this query:
                 select * from vRM_Computer_Item where Name like '%your pc name%'

    ---/// After AD import of computers, there should be a Delta Update done on the NS side to populate these computers in their OU in the SMP Console.

    3. Could you please show your AD Import rule settings, which should import these computers from the appropriate OU?
    4. Could you please show how the OU tree and the computers in it look in your AD?
    5. Are there error/warning messages in the NS log when you manually execute this AD Import rule? If yes, then please share the log output.

    Thanks,
    IP.

    ------------------------------
    Software QA Engineer
    Broadcom Inc.
    ------------------------------



  • 3.  RE: AD Import Anomaly

    Posted Oct 06, 2020 04:00 PM
    Edited by Clint Oct 06, 2020 04:02 PM
    Hi Igor,

    I found out why AD Import isn't pulling everything in after having my security guy check the machine account's object properties. I noticed that in my import rule, under "Import some computers on the specified schedules", the following was set, below, where the computer in question hasn't been online for over 30 days now. Unless this is a default, I probably enabled this option a while ago and had forgotten. With all the stale machine accounts in AD, I'm not sure if it's a good idea to disable it or maybe increase the number of days a bit, so perhaps let me know what you think about my doing this. Thanks!

    'Computer account password changed within the last 30 days.'

    ------------------------------
    City & County of Honolulu: DIT
    ------------------------------



  • 4.  RE: AD Import Anomaly

    Posted Oct 08, 2020 11:39 AM
    30 days not reporting in and delete is really aggressive in the age of work from home. I would really suggest 90 days. Have you tweaked the inventories to run every week in a staggered fashion? If you don't, and have the full inventory set to monthly, data will be missing. Do you have CEM running?

    AD import of computers is to discover machines that you don't know about. Also what is your policy on password changes? Make the import rule match that.

    Work with your AD team to identify machines that are active - then delete all stale machines.

    ------------------------------
    Mayhew Consulting
    ------------------------------
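
The effect of the password-age filter discussed in this thread, as an added example that is not part of any post and is not Symantec/Broadcom code. It assumes the rule's "password changed within the last N days" check corresponds to the AD `pwdLastSet` attribute; the computer names and dates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(filetime):
    """Convert an AD pwdLastSet value (100 ns ticks since 1601-01-01 UTC)."""
    if filetime == 0:  # 0 means no password change has been recorded
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def datetime_to_filetime(dt):
    """Inverse helper, used here only to build the constructed sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def classify(computers, now, import_window_days=30, stale_days=90):
    """Bucket computer accounts by machine-account password age.

    imported          - inside the import rule's window
    skipped_by_filter - outside the window but not yet old enough to call stale
    stale_candidate   - older than stale_days; review with the AD team
    never_set         - pwdLastSet is 0; password age cannot be evaluated
    """
    result = {}
    for name, pwd_last_set in computers.items():
        changed = filetime_to_datetime(pwd_last_set)
        if changed is None:
            result[name] = "never_set"
            continue
        age_days = (now - changed).days
        if age_days <= import_window_days:
            result[name] = "imported"
        elif age_days <= stale_days:
            result[name] = "skipped_by_filter"
        else:
            result[name] = "stale_candidate"
    return result

# Constructed sample data. Domain-joined Windows machines rotate the machine
# account password every 30 days by default, so a laptop that misses one
# rotation while off the network already falls outside a 30-day window.
NOW = datetime(2020, 10, 6, tzinfo=timezone.utc)
SAMPLE = {
    "LAPTOP-A": datetime_to_filetime(NOW - timedelta(days=5)),
    "LAPTOP-B": datetime_to_filetime(NOW - timedelta(days=41)),
    "OLD-PC": datetime_to_filetime(NOW - timedelta(days=200)),
    "PRESTAGED": 0,
}

if __name__ == "__main__":
    for window in (30, 90):
        print(window, classify(SAMPLE, NOW, import_window_days=window))
```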