AD User and Groups in Inventory

0

What about a option to scan for all users/groups in the active directory and add them into PDQ Inventory?

Would be nice to have a easy way create up to date user/group reports.

 

Sincerly Chris

Cancel
login to comment
0

I guess Christian is trying to accomplish something similar to me

 

say for example I would like to create a dynamic collection in PDQ Deploy that will target computers for users who have the title of "Accounting Specialist" , since we keep the Fname and Lname of each user in the description field of the computer in AD, if PDQ can read AD user attributes, we can create a table and make a joint query (cross match it with the computer table) where it would help us create a collection that contains those computers !

something like, if Computer.Description.Title = Accounting Specialist, then add it to the collection (considering that description is populated with the computer owner)

Cancel
login to comment

0

You are right, it's more a feature request for the future.

PDQ Inventory already scans the Active Diretory from the DC and Groups/Users on each devices.

I thinks its a small step to scan the AD users/groups from the DC also.

 

 

 

.

 

 

Cancel
login to comment

0

Chris,

My theory on why "PDQ Inventory" does not house this functionality, by default, is that "PDQ Inventory" and "PDQ Deploy" were designed to go hand in hand, for the most part, and are heavily geared toward management at the hardware level as this is the most "Static" thing to code/script against.

With that said....

You can't script against a "User" as they house nothing but an identity but you can script a "User" against your software and hardware giving the "User" a tailored experience. 

That should satisfy the "is it possible" tooth even though it's not available just yet as a core function in "PDQ Inventory".

"PDQ Inventory" does an amazing job of giving valuable insight into Software, Services, Registry, and Hardware Information but would need a totally different module and approach to manage "Individualized User Experience" on your machines if your users are moving from machine to machine often.

One of the many benefits to PDQ is that it sits right on top of "PowerShell" which, by nature, can see and do almost anything in a Windows Environment. I still see your report being a "Custom Tool" you may have to build for yourself to be able to track your licensing for your environment but for the rest, we would have to see if Admin Arsenal sees value in this "User" tracking functionality for Inventory and Reporting.

I hope this helps a little bit.

 

Cancel
login to comment

0

I know we have a AD sync, but only for Hardware. But a inventory is not only hardware, your user accounts are inventrory too.

 I have two thinks in mind:

1. Reports

Keep tracking how many users are in the different group, for example a group that allows users terminal server connections. Or how many users are in the different OUs, how many have a e-mail etc. With this reports you can keep a eye on the license situation. Enough RDS, Exchange, Server Cals etc. avaible? Are we under licensed?

2. Make software availbe for specific persons/groups on every PC

Not every Software is on every PC, but sometimes you need specfic software for persons or groups

Bulding a person/group specific deploy package could be a good option to make software packages availbe on the logged on pc, even if the admin is not in the house. Since the hearbeat scan schedule option is avaible it make sense to test this.

 

 

Cancel
login to comment

0

If it's simply reporting on how many users you have, what security groups they are assigned to and so forth, that may be something where you may need a "Custom Tool" for PDQ Inventory to run against the reporting module.(IE: PowerShell magic)

Maybe AA staff can chime in on this one to see if I am on the right train of thought?

Cancel
login to comment

0

Chris,

I am slightly confused by your question as PDQ comes with native Active Directory sync out of the box to manage the machines themselves.

These settings can be found under File> Preferences> Active Directory

When it comes to "User" and "Security Group" management, this seems a little redundant to have that available in PDQ inventory if AD is already handling everything at the "User" level.

What is your current hurdle that you are facing targeted at the User/Group level?

Cancel
login to comment

Reply