Adding Domains in Endpoint Central

Active Directory

Active Directory (AD) is a directory service developed by Microsoft that provides centralized management of network resources such as users, computers, printers, and security groups within a domain-based network. It is designed to help IT administrators efficiently manage and secure an organization's network infrastructure by controlling user access, enforcing policies, and maintaining resource integrity.

At its core, AD acts as a centralized database where all information about network resources is stored, allowing administrators to organize, access, and manage these resources through a single interface, streamlining IT operations across the enterprise.

Functionalities of Active Directory in Endpoint Central

Seamless Onboarding/Offboarding of Computers

With an AD integration, onboarding and offboarding of domain-based devices in UEMS becomes much easier. Once a domain is configured, you can import and manage all AD-linked devices from a centralized console. UEMS can also adjust its management scope automatically as computers are added to or removed from Active Directory.

Please refer to the following link for Agent installation methods using Active Directory: Agent Installation Methods.

Automatic Custom Group (CG) Creation

AD integration also supports automatic creation of custom groups (Logical Structure Groups) based on AD Organizational Units (OUs) or other criteria. This simplifies categorizing and managing domain-based devices dynamically, both for deploying tasks and for assigning the groups as scope to technicians. To know more about automatic Custom Group Creation, click here.

Active Directory based Technician Login

AD integration also supports AD user-based login to the UEMS Server console. This allows technicians to use a single password to access both AD resources and the UEMS server. Learn more about AD User Management.

Active Directory-based Reports

AD integration also supports generating insights on AD components such as OU, Group, Domain, users, computers, and GPOs. Explore AD-based Reports.

Task Deployment

The AD integration also allows technicians to use the same credentials to deploy tasks such as agent deployment, custom scripts, or software to the computers.

Pre-Requisites for Setup:

  • Administrative Rights: Ensure that the account used to add the domain has appropriate administrative rights across all client systems in the domain. This permission is required to use the credential for onboarding of computers and fetching all objects in AD (computers, users, containers, groups, GPO, and OUs).
  • Service Account Access: If using a service account, it must have view access (Read permission) to all objects in AD (computers, users, containers, groups, GPO, and OUs). Lack of view access will cause AD synchronization to fail. This account should also have access to install agent software on computers.
  • Access to Attributes: The service account should have access to important object attributes like whenChanged, whenCreated, objectGUID, Name, distinguishedName, etc. Additionally, for deleted object retrieval, ensure credentials have access to the AD recycle bin.
  • Data Collection via Command Prompt:
    • Run set L in Command Prompt to get the Domain Controller name (Logonserver = Domain Controller Name).
    • Run set U to retrieve the Domain Name and AD Domain Name (Userdomain = Domain Name, Userdnsdomain = AD Domain Name).

Steps to Add a Domain:

  1. Navigate to the Agent tab > Domain > Add Domain.
  2. Click Add Domain and select Active Directory.
  3. Enter the details collected from the Command Prompt (from the set L and set U commands) in the appropriate fields.
  4. Enable LDAP SSL, if required.
  5. Click Add Domain.
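
A pre-flight check for the prerequisites and steps above, as an added example that is not part of the Endpoint Central documentation: run it in a PowerShell session of the account you plan to enter in the Add Domain form. It reads the same values as set L and set U, tests whether the Domain Controller answers on TCP 636 (the standard LDAPS port, relevant to the LDAP SSL option), and confirms the account can read the listed attributes; the sample size of 5 and the computer-only filter are assumptions made for brevity.

```powershell
# Added example (not vendor code). Uses only built-in Windows/.NET facilities.

# Same values that `set L` and `set U` print in Command Prompt.
$dc        = $env:LOGONSERVER -replace '^\\\\', ''   # Domain Controller name
$domain    = $env:USERDOMAIN                          # Domain Name
$dnsDomain = $env:USERDNSDOMAIN                       # AD Domain Name

if (-not $dnsDomain) {
    throw 'USERDNSDOMAIN is empty: this session is not logged on to an AD domain.'
}

# "Enable LDAP SSL" can only work if the DC accepts connections on port 636.
$ldaps = Test-NetConnection -ComputerName $dc -Port 636 -WarningAction SilentlyContinue

# Attributes named in the prerequisites. AD populates these on every object,
# so one missing from a search result means this account cannot read it.
$required = 'whenChanged', 'whenCreated', 'objectGUID', 'name', 'distinguishedName'

# Bind with the current session's credentials and sample a few computer objects.
$root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc")
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter    = '(objectCategory=computer)'
$searcher.SizeLimit = 5          # assumption: a small sample is enough
$searcher.PropertiesToLoad.AddRange([string[]]$required)

$results = $searcher.FindAll()
$missing = @()
foreach ($r in $results) {
    foreach ($attr in $required) {
        # Result property names are stored in lower case.
        if (-not $r.Properties.Contains($attr.ToLower())) {
            $missing += "$attr on $($r.Path)"
        }
    }
}
$sampled = $results.Count
$results.Dispose()

# Summary: the first three fields are the values for the Add Domain form.
[pscustomobject]@{
    DomainController     = $dc
    DomainName           = $domain
    ADDomainName         = $dnsDomain
    LdapsPort636Open     = $ldaps.TcpTestSucceeded
    ComputersSampled     = $sampled     # 0 = no Read access to computer objects, or none exist
    UnreadableAttributes = $missing
}
```

An empty UnreadableAttributes list with ComputersSampled above 0 indicates the Read access needed for synchronization is in place for computer objects; it does not test agent-installation rights or AD recycle bin access.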

Configuring the Sync Options:

AD resource information is synced according to a pre-configured schedule. Changes in sync frequency will affect domain, Scope of Management (SoM) policy, and Custom group functionalities.

How to Configure Sync Frequency:

1. Via SoM Policy:

  1. Navigate to Agent Tab > SoM Policy.
  2. Click the edit symbol to configure sync time. Options include every 6 hours, twice a day, or once a day.

2. Via Domains:

  1. Navigate to Agent Tab > Domains.
  2. Click the edit symbol to configure sync frequency.

3. Via Custom Group:

  • Navigate to Admin > Custom Group.
  • Under sync settings, you can configure the sync frequency.

Managing Domains in Endpoint Central:

Once a domain is added, you can manage it through the Actions menu.

  • Add Computers: To add AD computers, select the domain, navigate to Actions, and click Add Computers.
  • Modify Domain details: If domain details need to be updated, select the relevant domain, click Modify, enter the details, and click Update Domain Details.
  • Delete Domain: To delete a domain, navigate to Actions for the corresponding domain and click Delete. Note that deleting the domain will erase the domain’s data and related Active Directory reports data.
  • Change to Workgroup: To change a domain-based device to a workgroup, select the domain, click the corresponding action, and choose Change to Workgroup. To know more, click here.

Note: Changing the Domain type from Workgroup to AD will disable all other AD functionalities configured with this AD.

When changing the domain type from Active Directory to Workgroup, the DNS Suffix is required. To find the DNS Suffix, run ipconfig /all in Command Prompt and locate the value of Primary DNS Suffix.

Troubleshooting Domain Configuration in Endpoint Central:

For any issues during domain setup or synchronization, review your administrative credentials, access rights, and AD object permissions. Ensure proper configuration of sync frequency and domain connectivity to avoid disruptions. Kindly refer here for more steps.
