Active Directory

<< Click to Display Table of Contents >>

RayVentory Scan Engine > 12.6 u4 > User Guide > Discovery Wizard > Discovering New Devices 

Active Directory

This page is shown only if the user selected the Import from Active Directory option on the previous screen.

 

DiscoveryWizard_ActiveDirectory

 

Distinguished Name(s)

The domain name (dotted domain) or a LDAP query sting into the Active Directory Domain field. It is possible to enter multiple domain names or LDAP queries by separating them using a semicolon. You can also press the Browse... button to open a simple LDAP browser, that enables you to visually select the required container.

 

finger1

Be aware:

The LDAP browser supports multiselection. Hold thr CTRL button when selecting items to select more than one item at once.

 

Filter

This is an optional field, which can be used to perform extra filtering of devices. Regular expressions are supported. If the field is left empty, all entries from the Active Directory will be considered when performing the import, otherwise only the devices with matching full qualified host names will be imported.

 

finger1

Be aware:

Regular expressions can be complex to write and validate. If an invalid regular expression is entered, nothing will be imported. Also, pay attention to the fact that some characters and sequenced may have special meaning, for example a dot "." means any character inside the Regular Expression. To escape special characters, prepend them with backslash (\). Information about how to use regular expression refer to the Microsoft Documentation.

 

Example:

[a-z]+\.sitea\.mydomain

[a-z]: all lowercase letters from "a" to "z".

+: the preceding element can be matched one or more times.

\.: matches a "."

Therefore this regular expression can be used to filter for everything that starts with letters only and ends with ".sitea.mydomain".

 

You can always test the filter string by pressing the Preview... button. It will scan the currently selected node(s) and report back with a list of devices that matched your filter. For example, for a filter ^mws the following is reported:

 

04

 

(as a side note: ^mws means any computer name that starts with the string mws).

 

The regular expression engine is case insensitive and does not enforce string boundaries (you have to enforce them by ^ and $ respectively).

 

Detection

This setting determines how RayVentory Scan Engine figures out which Operating System is installed on the imported device. There are two different ways of solving this:

 

Select By using Active Directory information to use Active Directory member attributes and resolve Operating System from their values. This is recommended if you want to avoid physical scans of the network and it is much faster then the other method.

Select By scanning ports if your Active Directory does not contain the required information OR if you want the results to be reliable based on the actual status of open / closed ports. If this option is selected, RayVentory Scan Engine checks whether typical ports for SSH or RPC are opened and based on their status the right device family is assigned.

 

papercliper

Note:

Option Scanning ports tries to contact each device in the specified network range and checks for predefined ports to determine the device family (Windows or UNIX). Contact your network administrator before executing scans on wide range of addresses.

 

Operating system filter

These options define which types of operating systems should be detected. It is possible to select multiple types.

Client: Select this option to detect all clients.

Server: Select this option to detect all servers.

Custom: When this option is selected, it is possible to define a custom type of system in the Operating systems field.

 

Fallback

These options define the behavior of RayVentory Scan Engine should an unrecognized or disabled device be found.

 

Include disabled devices - Select this option to include disabled devices. If you leave it unchecked, the devices that are disabled in Active Directory will not be imported (recommended).

If there is no proper information in Active Directory, treat the device as Windows-based machine - Select this option to automatically fallback to Windows, if the information in Active Directory is not sufficient to determine the device family. If you uncheck this option, the devices will be imported as "unknown" types. This option is only available if the detection is set to By using Active Directory information.

If device is unreachable, treat it as Windows-based machine - Select this option for an automatically fallback to Windows if the set of open / closed ports was not enough to identify the device family. If you uncheck this option, the devices will be imported as "unknown" types. This option is only available if the detection is set to By scanning ports.

 

papercliper

Note:

Make sure that the current user has read permissions for the Active Directory.