Escolar Documentos
Profissional Documentos
Cultura Documentos
Due to the inherently complex nature of computer software, Altiris does not warrant that the Altiris
software is error-free, will operate without interruption, is compatible with all equipment and
software configurations, or will otherwise meet your needs.
The content of this documentation is furnished for informational use only, is subject to change
without notice, and should not be construed as a commitment by Altiris. Altiris Inc. assumes no
responsibility or liability for any errors or inaccuracies that may appear in this documentation. For
the latest documentation, visit our Web site at www.altiris.com.
Altiris, the Altiris logo, BootWorks, Inventory Solution, LabExpert, PC Transplant, RapiDeploy,
and RapidInstall are registered trademarks of Altiris, Inc. in the United States.
Carbon Copy is a registered trademark licensed to Altiris, Inc. in the United States and a trademark
of Altiris, Inc. in other countries.
Altiris eXpress, Altiris Vision, Application Management Solution, Application Metering Solution,
Asset Control Solution, Asset Management Suite, Client Management Suite, Compliance Toolkit,
Conflict Analysis Solution, Contract Management Solution, Deployment Server, Deployment
Solution, Education Management Suite, Helpdesk, Helpdesk Solution,
HP Client Manager Software, Lab Management Suite, Migration Toolkit, Mobile Client for SMS,
My IT Forum, Notification Server, Problem Management Suite, Server Management Suite,
Server Monitor Solution, Site Monitor Solution, Software Delivery Solution,
TCO Management Solution, Unix Client for SMS, Unix Inventory Solution, Unix Software Deliver
Solution, Web Admin for SMS, Web Reports and other product names are trademarks of Altiris, Inc.
in the United States and other countries.
Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft
Corporation in the United States and/or other countries.
All other brand names are trademarks or registered trademarks of their respective companies.
Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
The Connector for Active Directory uses LDAP to provide one-way synchronization from Active
Directory to the Notification Server. You can specify which Domain Controller the AD data is
gathered from.
The Connector for Active Directory creates Notification Server collections based upon Active
Directory Organizational Units (OUs) as well as collections based upon user groups. These
collections can be used in policies across any solution. For example, suppose you want to distribute
software to all computers in an OU. A collection based upon an Active Directory OU can be used as
a target for a Software Delivery policy. As another example, suppose you want to schedule a
Deployment Solution event to all computers for people in the Sales User Group. You can do this
using a User Group collection created as part of this Connector.
• Organizational Units (OUs) - Collections can optionally be created for Organizational Units
when resources are imported, by grouping them by Organizational Units. The collections that are
created enable you to define policies from any solution and target Active Directory OUs.
• Users - The imported User data (from either Active Directory or Windows NT/2000/2003 User
Groups) is used to populate the Contact information in Alert Manager, Helpdesk Solution, and
other Solutions.
Note: No policies can be sent to the Altiris Agent based on User objects, only based on Computer
objects. User data can be used for creating contacts in Alert Manager and Helpdesk Solution and
for generating reports. User data is also mapped to computers. Also note that policies are based
on collections of computers with the Altiris Agent installed. Just importing computers from
Active Directory does not ensure that the Altiris Agent is installed on them.
• Computers - Importing Computer objects has the following advantages:
• It provides a list for Asset Control Solution of those computers that do not have the Altiris
Agent.
• It lets you know which computers in your environment do not have the Altiris Agent
installed. You can then use this information to make sure the Altiris Agent is installed on all
of your computers.
• Sites and Subnets – The imported Site and Subnet data is used to populate the Notification
Server Site Maintenance configuration page. Site collections can optionally be created that
contain all machines in that site.
Note: When you install Asset Control Solution, you can import more types of Active Directory
objects. For more information, see the Altiris Asset Control Solution User Guide.
During the import process, the computers from Active Directory are matched with known Altiris
enabled computers in the Notification Server Database (using the computer name and domain).
Note, however, that the import process imports all resources regardless of their Altiris Agent install
state. The Organizational Units then appear as folders and optionally as collections in the
Notification Server. The imported Organizational Unit folders appear in the Altiris Console on the
Resources tab view: Resource Management > Resources > Organizational Structures > Import Source
Domain
Import Source Domain is the Full Qualified Domain Name of where the Organizational Units were
imported from. Each Organizational Unit folder will contain all the resources that are in that OU. If
a resource is imported which does not belong to any OU it will appear in that default folder for that
particular resource type.
The Organizational Units collections will appear in the Altiris Console on the Resources tab view:
Resource Management > Collections > Directory Collections > Import Source Domain > Organizational
Units
These collections are then available to all Altiris Solutions as targets for policies, reports, software
advertisements, etc. (only if the Altiris Agent is present).
At a peer level to the Import Source Domain folder, OUs can also appear in the Organizational Units
– Users to Machines folder. The collections in the Organizational Units – Users to Machines folder
contain computers mapped based upon the Users in the OU. They do NOT explicitly contain the
computers that are in fact in the OU.
These “users to machine” pairs are based on primary user data matched to computers.
For Example:
If you want your Policies to go to computers based on location of computers in the OU, select from
the OU collections in the Organizational Units folder. For example, if you have a North America\Sales
OU with 3 computers and 6 users and you want your policies to go to the 3 computers, you would
use the corresponding North America\Sales collection located in the Organizational Units folder.
If you want your Policies to go to users in an OU, select from the OU collections in the Organizational
Units – Users to Machines folder. For example, if you have a North America\Sales OU with 3
computers and 6 users and you want your policies to go to the computers that the 6 users use, you
would use the corresponding North America\Sales collection from the Organizational Units – Users
to Machines folder.
• Distribution Groups
• Security Groups
• Windows User Groups (only imports user id and domain name information using the WinNT
provider).
The user group collections will appear in the Altiris Console on the Resources tab view: Resource
Management > Collections > Directory Collections > Import Source Domain > Group Type
• Distribution Groups
• Security Groups
• User Groups
For example if a Distribution Group called “All Managers” was imported the following collection
would be created:
Resource Management > Collections > Directory Collections > Import Source Domain > Distribution Groups
> All Managers
At a peer level to the Import Source Domain folder, “Users to Machines” collections can also be
imported. The Users to Machines collections will appear in the Altiris Console on the Resources tab
view: Resource Management > Collections > Directory Collections > Import Source Domain > Group Type
• Distribution Groups
• Security Groups
• User Groups
Each of these collections contains computers whose primary users are the users in the corresponding
user group collections - thus these are dynamic collections.
For Example:
If you want your Policies to use collections based on User Group data, they can only use collections
found in the “User Group Type - Users to Machines” folders.
Collections found in the “User Group Type” folders cannot be used by Policies.
See Also
• “Installation” on page 5
• “Using the Connector for Active Directory” on page 5
• “Monitoring Performance” on page 7
Installation
This section tells you how to install and uninstall the Connector for Active Directory.
• Organizational Units
• Distribution Groups
• Security Groups
• Windows User Groups (only imports user id and domain name information)
Sites and Subnets do not belong to any container type. Any other resource type (including
Computers) will be grouped using the Organizational Unit container.
You must enable the collection creation checkboxes to have OU, User Group and Site collections
created.
b Click Apply.
8 Select the default column mapping (if “and using the specified column mapping” appears).
a Click specified.
Note: If you get an LDAP class enumeration error, retry clicking specified. This error means
that you haven’t given the class enumeration time to authenticate.
b Select the Class to import from.
c Select the Columns mappings you wish to use to import data. You can enable/disable specific
groups or select different entries in the Data Source Column.
Note: The out-of-the-box defaults should be sufficient for User or Computer. These fields are
generally used for new asset types in conjunction with Asset Control Solution.
d Click Apply.
9 Select the schedules you wish to use to import data.
a Click specified schedules.
1 Define and enable the schedules. A shared schedule can be selected from the drop-down list.
If you select Custom Schedule from the drop-down list, a link appears which lets you create
a custom schedule.
b Click Apply.
10 Click the Enable check box to enable the import rule.
11 Click Apply to save the import rule.
Note: When importing occurs, NS message files are created in the Event Queue directory. If there
are errors check the Notification Server status log ( http://NSName/Altiris/NS/LogView.asp) for more
information.
Deleting Objects
If an object, such as User, Computer or OU, is deleted from Active Directory and it has been
previously imported into the Notification Server it will deleted from the Notification Server when
the Directory Synchronization scheduled task runs.
This schedule will delete any imported items and resources that no longer exist in the directory. This
will occur if directory items are deleted, renamed or moved.
Monitoring Performance
The Directory Import in the Last 'N Days report can be used to see how the Notification Server is
performing Active Directory and User Group imports. The report is found under the Reports >
Notification Server Infrastructure > Active Directory > Directory Import in the Last 'N Days. This report
lists (in seconds) how long each Directory import took over the last N days. By drilling down into
this report, the details of all the successful, failed and stopped directory import tasks can be viewed.
These reports can help you decide the best time for importing Active Directory and User Group data.
For example, if you have 10,000 users, it might be best to perform the importing during the night or
only on weekends.
A
Active Directory Import 2
Active Directory reports 7
AD import 2
C
copyright 2
creation date of document 2
D
document
print date 2
I
import
Active Directory 2
NT Groups 2
importing data 2
Installation 5
L
legal notice 2
M
Monitoring Performance 7
N
notice 2
NT Groups 2
P
patent 2
product version 2
R
reports
Active Directory 7
T
trademark 2
V
version 2