Deploying Software Package to AD Group

(imported topic written by jdefilip)

Is it possible to deploy a fixlet, task, or baseline to an AD Security Group? I would like to create a software package and deploy the package by adding the computer name to the security group.

(imported comment written by jdefilip)

Anyone?

I tried this with the AD-Test-Group and it did not work. Any suggestions???

((windows of it) of operating system) AND (((exists value whose(it as lowercase =

"AD-Test-Group"
as lowercase ) of components whose(type of it=

“CN”
) of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory

https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014929045

(imported comment written by Tim.Rice)

One thing to remember is that TEM/IEM doesn’t query AD dynamically. The client caches the information every so often. I think the interval, by default is 12 hours. There is a setting that will let you adjust this, but read the notes about network traffic and client impact if you make the interval too short.

(imported comment written by jdefilip)

Tim, thank you for the reply. Can you please provide more information on how to adjust the interval time and what the suggest intervals should be set to. Also, I tested the code above and it does not seem to query the AD Group any suggestions?

Thanks you!

(imported comment written by Tim.Rice)

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

Look under Client Settings. I believe it is the first one …

_BESClient_Inspector_ActiveDirectory_Refresh_Seconds

(imported comment written by jdefilip)

Thanks Tim!

Anyone know how to modify this script to query on AD Security groups?

I tried this with the AD-Test-Group and it did not work.

((windows of it) of operating system) AND (((exists value whose(it as lowercase =

“AD-Test-Group” as lowercase ) of components whose(type of it=

“CN”) of distinguished names ((distinguished names of groups of it; distinguished names of it) of local computer of it))) of active directory

(imported comment written by CheapskateSpoon)

Is the “Active Directory Security Groups and Organizational Units” analysis activated globally? Your syntax looks the same as one I’m using. Except ours is just in the relevance, we don’t have an open action that automatically installs it when a computer gets put in the group. But I’d be interested to know if that works or not, since that’s how we used to do it when using SCCM.

(imported comment written by SergioBenavides)

At my organization we target GROUPS based on OU’s these groups get updated every 12 hours, as Tim mentions the load increases when you try to target the OU directly.