Topic
  • 7 replies
  • Latest Post - ‏2013-08-05T21:34:17Z by SergioBenavides
jdefilip
jdefilip
24 Posts

Pinned topic Deploying Software Package to AD Group

‏2013-06-13T16:33:00Z |

Is it possible to deploy a fixlet, task, or baseline to an AD Security Group?  I would like to create a software package and deploy the package by adding the computer name to the security group. 

  • jdefilip
    jdefilip
    24 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-06-13T19:12:04Z  

    Anyone?

    I tried this with the AD-Test-Group and it did not work.  Any suggestions???

    ((windows of it) of operating system) AND (((exists value whose(it as lowercase =
    "AD-Test-Group"  as lowercase ) of components whose(type of it=
    "CN") of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory
     

    https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014929045

  • Tim.Rice
    Tim.Rice
    40 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-06-18T02:59:14Z  
    • jdefilip
    • ‏2013-06-13T19:12:04Z

    Anyone?

    I tried this with the AD-Test-Group and it did not work.  Any suggestions???

    ((windows of it) of operating system) AND (((exists value whose(it as lowercase =
    "AD-Test-Group"  as lowercase ) of components whose(type of it=
    "CN") of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory
     

    https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014929045

    One thing to remember is that TEM/IEM doesn't query AD dynamically.  The client caches the information every so often.  I think the interval, by default is 12 hours.  There is a setting that will let you adjust this, but read the notes about network traffic and client impact if you make the interval too short.

  • jdefilip
    jdefilip
    24 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-06-18T21:59:08Z  
    • Tim.Rice
    • ‏2013-06-18T02:59:14Z

    One thing to remember is that TEM/IEM doesn't query AD dynamically.  The client caches the information every so often.  I think the interval, by default is 12 hours.  There is a setting that will let you adjust this, but read the notes about network traffic and client impact if you make the interval too short.

    Tim, thank you for the reply.  Can you please provide more information on how to adjust the interval time and what the suggest intervals should be set to.  Also, I tested the code above and it does not seem to query the AD Group any suggestions?

     

    Thanks you!

  • Tim.Rice
    Tim.Rice
    40 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-06-19T11:22:55Z  
    • jdefilip
    • ‏2013-06-18T21:59:08Z

    Tim, thank you for the reply.  Can you please provide more information on how to adjust the interval time and what the suggest intervals should be set to.  Also, I tested the code above and it does not seem to query the AD Group any suggestions?

     

    Thanks you!

    https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

    Look under Client Settings.  I believe it is the first one ...

    _BESClient_Inspector_ActiveDirectory_Refresh_Seconds

  • jdefilip
    jdefilip
    24 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-06-24T13:06:29Z  
    • Tim.Rice
    • ‏2013-06-19T11:22:55Z

    https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

    Look under Client Settings.  I believe it is the first one ...

    _BESClient_Inspector_ActiveDirectory_Refresh_Seconds

    Thanks Tim!

    Anyone know how to modify this script to query on AD Security groups?

     

    I tried this with the AD-Test-Group and it did not work. 

    ((windows of it) of operating system) AND (((exists value whose(it as lowercase =
    "AD-Test-Group"  as lowercase ) of components whose(type of it=
    "CN") of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory

  • CheapskateSpoon
    CheapskateSpoon
    1 Post

    Re: Deploying Software Package to AD Group

    ‏2013-06-25T19:25:44Z  
    • jdefilip
    • ‏2013-06-24T13:06:29Z

    Thanks Tim!

    Anyone know how to modify this script to query on AD Security groups?

     

    I tried this with the AD-Test-Group and it did not work. 

    ((windows of it) of operating system) AND (((exists value whose(it as lowercase =
    "AD-Test-Group"  as lowercase ) of components whose(type of it=
    "CN") of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory

    Is the "Active Directory Security Groups and Organizational Units" analysis activated globally? Your syntax looks the same as one I'm using. Except ours is just in the relevance, we don't have an open action that automatically installs it when a computer gets put in the group.  But I'd be interested to know if that works or not, since that's how we used to do it when using SCCM.

  • SergioBenavides
    SergioBenavides
    3 Posts

    Re: Deploying Software Package to AD Group

    ‏2013-08-05T21:34:17Z  

    At my organization  we target GROUPS based on OU's these groups get updated every 12 hours,  as Tim mentions the load increases when you try to target the OU directly.