
Configuring Active Directory

A Windows network is typically based on Windows Active Directory, Workgroup, or Novell eDirectory. When you install Patch Manager Plus in your network, it automatically discovers all the domains and workgroups available in your network. Novell eDirectory based networks are discovered and managed as workgroups in Patch Manager Plus.

Discovering Domains / Workgroups

To view the discovered domains/workgroups or to initiate the discovery, select Admin tab --> Scope of Management (SoM) --> Add Computers. This will discover all the available domains and workgroups and list them under Discovered Networks.

Adding Domains

Domains can be added in two ways:

  1. From the auto-discovered list available in the SoM --> Add Computers page, by clicking the Edit link corresponding to the domain.
  2. By manually adding the domain - If for some reason one or more domains are not discovered, you can use the Add Domain link available on the same page to add domains manually.

Both the above options will open the Add Domain dialog for accepting the following information:

 

| Parameter | Description | Type |
|---|---|---|
| Domain Name | Name of the domain. This is usually the NetBIOS or the pre-2000 name of the domain. | Mandatory |
| Network Type | Select the "Active Directory" option. | Mandatory |
| Domain User Name | This should be the domain user name that has administrative privileges in all the computers of that domain. It is recommended to have a dedicated domain admin user account whose password policy is set to "Never Expire". | Mandatory |
| Password | Password of the domain admin user. | Mandatory |
| AD Domain Name | The DNS name of the Active Directory domain. | Mandatory |
| Domain Controller Name | The name of the domain controller. If you have multiple domain controllers, provide the name of the domain controller that is nearest to the computer where the Patch Manager Plus server is installed. | Mandatory |
| LDAP SSL | Enabling this option ensures secure communication between the Patch Manager Plus server and Active Directory. The default port used is 636. | Optional |

For secure communication using LDAP SSL, an SSL certificate should be installed on your AD domain controller. Although enabling this checkbox is optional, we strongly recommend enabling it to keep your data secure.
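Before enabling the LDAP SSL checkbox, you can confirm that the domain controller actually presents a usable certificate on port 636. The script below is an added example, not part of the Patch Manager Plus product or its documentation; the host name is a placeholder for the value you enter as Domain Controller Name, and validation uses the Windows trust store of the machine the script runs on.

```powershell
# Added example: inspect the LDAPS certificate a domain controller presents.
# Placeholder values (assumptions, not from the product documentation):
$DomainController = 'dc01.corp.example.com'   # value used for "Domain Controller Name"
$Port             = 636                       # default LDAP SSL port
$WarnDays         = 30                        # flag certificates expiring sooner than this

$script:PolicyErrors = $null
# Record what validation found instead of aborting, so every problem is reported.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $certificate, $chain, $errors)
    $script:PolicyErrors = $errors
    $true
}

$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DomainController, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The target host is checked against the names in the certificate.
    $ssl.AuthenticateAsClient($DomainController)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        DomainController = $DomainController
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        DaysLeft         = $daysLeft
        TlsProtocol      = $ssl.SslProtocol
        PolicyErrors     = $script:PolicyErrors   # None = trusted chain and matching name
        ReadyForLdapSsl  = ($script:PolicyErrors -eq 'None') -and ($daysLeft -gt $WarnDays)
    }
}
catch {
    Write-Warning "LDAPS check failed for ${DomainController}:${Port} - $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A `PolicyErrors` value other than `None` (for example `RemoteCertificateNameMismatch` or `RemoteCertificateChainErrors`) means the certificate on the domain controller needs attention before LDAP SSL can be relied on.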

 

Adding Workgroups

Similar to domains, Workgroups can be added in two ways:

  1. From the auto-discovered list available in the SoM --> Add Computers page, by clicking the Edit link corresponding to the workgroup.

  2. By manually adding the workgroup - If for some reason one or more workgroups are not discovered, you can use the Add Domain link available on the same page to add workgroups manually.

Both the above options will open the Add Domain dialog for accepting the following information:

 

| Parameter | Description | Type |
|---|---|---|
| Domain Name | The name of the workgroup. | Mandatory |
| Network Type | Select the "Workgroup" option. | Mandatory |
| Admin User Name | A common user name which has administrative privileges in all the computers within that workgroup. It is recommended to have a dedicated user account whose password policy is set to "Never Expire". | Mandatory |
| Password | The password of the common admin user. | Mandatory |
| DNS Suffix | This is required to uniquely identify a computer within a workgroup. For example, if you have a computer with the same name in two different workgroups, the DNS suffix is used to identify it uniquely. | Optional |

 

 
  • Computers in Novell eDirectory based networks are managed as Workgroups.

Changing the Domain or Workgroup Credentials

A remote connection is established to the managed computers to perform the various Desktop Management activities, such as agent installation/upgrade, patch/inventory scanning, and remote desktop sharing. These activities require an admin credential, and the credential provided when adding a domain/workgroup is used for this purpose. If the username/password provided while adding the domain/workgroup changes later, due to password expiry or other reasons, you need to update the credentials from the Admin tab --> SoM page to avoid getting "Access Denied" errors while performing any remote operations.

 

To update the credentials, click the Edit Credentials button available on the SoM page. Select the Domain/Workgroup from the select box, update the username/password, and click Update Domain Details.

SoM Policy - How to add/remove computers

You can automate the process of adding and removing managed computers by configuring the SoM policy. The policy synchronizes computers from Active Directory, so you can find the computers that are newly added in the Active Directory but are not yet managed, and the computers that have been deleted from the Active Directory. This helps you quickly add computers to, or remove them from, management.

The synchronization happens at a specified time every day and can be configured to notify you whenever a change is detected. You can also initiate the sync as and when required, using either the "sync only modified data" or the "sync all" option. Sync only modified data lists only the changes that have happened since the previous sync, that is, the computers which were added or removed after the previous sync. Sync all can be used to get the complete list of all the computers that have been added or removed in the Active Directory.

To enable synchronization, follow the steps below:

  1. Select SoM --> SoM Policy tab.
  2. Enable the checkbox to Detect and Add New Computers.
  3. Specify the action that needs to be performed when a new computer is added to the Active Directory: whether to notify you and install an agent automatically, or just notify you.
  4. Enable the checkbox to Delete Inactive Computers.
  5. Specify the action that needs to be performed when a computer is removed from the Active Directory or has been inactive for a long time: whether to remove the computer from the SoM automatically and notify you, or just notify you.
  6. Specify the number of days allowed for the computers to be inactive and the action to be performed.
  7. Specify the notification mail message that needs to be displayed when a computer is inactive for a long time.
  8. Specify the time at which the sync should happen. The time should be specified in 24-hour format, and the sync will happen at the same time every day.
  9. Click on 'Add Target' to choose the Domains/OUs/Groups that you would like to sync with the SoM policy.
  10. You can also enable the 'Search groups in all subdirectories' option to sync all the groups under sub-directories for the selected target.
      Note: If you do not see all the domains, you should check and specify the credentials first from SoM --> Computers --> Edit Credential.
  11. If you wish to be notified of any change, select "Enable Email Notification" and specify the "To Address", subject and message.
  12. Click Save.
 
  • You can choose to exclude computers from management within the Patch Manager Plus server. Excluding here refers to removing the computers which need not be managed. To exclude computers, navigate to the web console --> SoM --> SoM Policy --> Exclude Computers, select them, and click the "Exclude Computers" button. You can view all the excluded computers and choose to install agents on them anytime in the future.

Next Steps

The next step is to add and install the agent in the client computers that have to be managed. The following sections will detail the steps:

  1. Managing Computers in LAN - To add and install the agent in the client computers on the same LAN where the Patch Manager Plus server is installed.

  2. Managing Computers in WAN - To add and install the agent in the client computers at remote locations, such as branch offices and mobile users.