I am new to BigFix, and I cannot figure out how to create a new Automatic Computer Group based on an Active Directory group.
I went to Tools / Create New Automatic Group. I selected “Active Directory Path” from Properties, then “Contains”, then I typed “CN=ADGroupName,OU=SubOUName,OU=ParentOUName,DC=SubdomainName,DC=ParentDomainName,DC=org”.
After 24 hours, the newly created group still has not gotten populated from AD yet.
In looking back at my notes you might be able to use something like this …
((windows of it) of operating system) AND (((exists value whose (it as lowercase = "AD-Test-Group" as lowercase) of components whose (type of it = "CN") of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory)
You can read more about the Directory Services Objects. The information is cached by the Agent. The cache will expire after 12 hours by default. I don’t know if this can be overridden by a setting or not.
If you want to play around with these Relevance clauses in the Fixlet Debugger, it has to be configured under the menu Debug --> Evaluate Using --> Client Evaluator. This will cause the Debugger to take longer to evaluate but it has access to more information than the Debugger can normally access (client information typically). Be patient. Be sure to switch it back when you are done working with the Active Directory objects.
The above clause was able to detect that my Domain Member computer had been added to that group. Because of the caching issue, it took a while to figure it out (overnight in my case), but it DOES work.
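An added example, not part of the original posts: a Python model of the matching logic in the clause above, showing which names it accepts. It assumes that `components ... of distinguished names` yields every RDN of each DN; the function names and all DNs are constructed for illustration, and only backslash-escaped characters are handled (not hex escapes).

```python
import re

def split_dn(dn):
    """Split a DN into (TYPE, value) pairs, honouring backslash-escaped commas."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        rdn_type, _, value = part.strip().partition("=")
        pairs.append((rdn_type.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs

def cn_values(dns):
    """All CN component values, lowercased, across a list of DNs."""
    return {v.lower() for dn in dns for t, v in split_dn(dn) if t == "CN"}

def clause_matches(name, computer_dn, group_dns):
    """Model of the clause: searches the group DNs AND the computer's own DN."""
    return name.lower() in cn_values(list(group_dns) + [computer_dn])

def strict_match(wanted_group_dn, group_dns):
    """Stricter alternative (an assumption, not from the thread): compare whole DNs."""
    norm = lambda dn: [(t, v.lower()) for t, v in split_dn(dn)]
    return any(norm(wanted_group_dn) == norm(g) for g in group_dns)

# Constructed sample data
COMPUTER = "CN=WS-0042,OU=Workstations,DC=corp,DC=example,DC=org"
GROUPS = [
    "CN=AD-Test-Group,OU=Groups,DC=corp,DC=example,DC=org",
    "CN=Patch\\, Pilot,CN=Users,DC=corp,DC=example,DC=org",
]

if __name__ == "__main__":
    for name in ("ad-test-group", "Users", "WS-0042", "Groups"):
        print(name, clause_matches(name, COMPUTER, GROUPS))
```

Because the match is on any CN component, a container name such as `Users` or the computer's own name also satisfies it, so pick a group name that cannot collide with either when the group is used to scope deployments.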