This auto-discovery tool performs a one-way sync of Active Directory and/or LDAP group members to Device42 end users or administrators. The sync can be scheduled to keep the data in Device42 up to date. However, if you make changes in Device42, the changes will not be sent to the AD/LDAP.
The AD/LDAP sync tool can be found at Tools>>Auto-Discovery>>AD/LDAP Users.
Enter any name for the auto-discovery job.
Then choose ‘End Users’ or ‘Administrators’ as the type of user to create for the AD/LDAP group members that are discovered.
Enter the exact Group Distinguished Name and authenication information. Check the ‘Recursively search nested groups’ if you want the sync to recursively traverse any sub-domains found.
If you have selected End Users as the type, you can optionally choose which AD/LDAP attributes should be used to bring in contact, location, and notes.
Finally, like the other auto-discovery jobs, you can create a schedule for this job to run repeatedly.
Example of how to get a Group DN in Active Directory
Under the group properties with “advanced features” enabled in Active Directory Users and Computers – you can go to the attribute editor and copy the distinguishedName as shown in the image above.
Choose members and groups for administrators (for permission)
This section applies only if you choose Type = Administrators…
In the above screen shot, the Users are the list of AD users that were displayed as a result of the choices on the first screen.
The Groups are not AD groups. They are device42 groups.
You should select the Users that you want to be device42 administrators and move them to the right side of the Users dialog.
You should select one or more device42 groups for these users and move them to the right side of the Groups dialog.
Then, when you click the “Add…” button, the selected users will become device42 administrators and will receive the permissions of the selected groups.
As shown above, saved DN’s are available for future use.