cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
carlow
Engaged Sweeper II

Hello LS community!

Not all our assets go from active to non-active. Is this because they are set manually to active?

We would like that all assets automaticity go from active to non-active is they are not seen in the last 45 days.

We are currently on v 10.3.1.0 and see attachment for the Cleanup options.

Kr,

Carlo

1 ACCEPTED SOLUTION
Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

I would be happy to help!

Most of the confusion will probably be around what Lansweeper considers "not seen". 

For example, if you have configured the "non-active" cleanup option to 45 days, the assets that have not been seen in the last 45 days will be set to "non-active", you can check the Scan Time tab of your assets to see if they have met this "not seen" criterium (see screenshot below).

With "not seen" we mean:

  • The assets have not been successfully scanned in the last 45 days. This means that the Last Successful Scan date (tblAssets.Lastseen) needs to be older than 45 days.
  • The assets have not reported to a domain controller in the last 45 days This means that the Last on-premises AD Domain scan date (tblAssets.LastActiveScan) needs to be older than 45 days.
  • The assets have not been detected in the network in the last 45 days by IP Range Scanning, i.e. Lansweeper has not seen assets with that name/IP combination and open ports in the network. This means that the Last IP Range Scan date (tblAssets.LastIPScan) needs to be older than 45 days.

TLDR

All dates marked on the screenshot below need to be older than 45 days before the asset cleanup option will be triggered.

Obi_1_Cinobi_2-1677659666488.png

 

 

View solution in original post

5 REPLIES 5
carlow
Engaged Sweeper II

@Obi_1_Cinobi  Can you help us with this question?

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

I would be happy to help!

Most of the confusion will probably be around what Lansweeper considers "not seen". 

For example, if you have configured the "non-active" cleanup option to 45 days, the assets that have not been seen in the last 45 days will be set to "non-active", you can check the Scan Time tab of your assets to see if they have met this "not seen" criterium (see screenshot below).

With "not seen" we mean:

  • The assets have not been successfully scanned in the last 45 days. This means that the Last Successful Scan date (tblAssets.Lastseen) needs to be older than 45 days.
  • The assets have not reported to a domain controller in the last 45 days This means that the Last on-premises AD Domain scan date (tblAssets.LastActiveScan) needs to be older than 45 days.
  • The assets have not been detected in the network in the last 45 days by IP Range Scanning, i.e. Lansweeper has not seen assets with that name/IP combination and open ports in the network. This means that the Last IP Range Scan date (tblAssets.LastIPScan) needs to be older than 45 days.

TLDR

All dates marked on the screenshot below need to be older than 45 days before the asset cleanup option will be triggered.

Obi_1_Cinobi_2-1677659666488.png

 

 

carlow
Engaged Sweeper II

Hello @Obi_1_Cinobi 

Thank you very much for picking this up!

It is the ‘Last on-premises AD Domain scan’ that causes the confusion.

We are using the LsAgent client on our workspaces and have the ‘Active Directory Domain’ scanning target configured for the whole domain. I think this is double.

We only want to see computers active when they are used / on in the last 45 days. The 'Active Directory Domain' target scan checks if the computer is found in Active Directory?

Will it be better if I only enter the OU’s that do not contain computers in the 'Active Directory Domain' scan?

Greetings,

Carlo

 

 

Obi_1_Cinobi
Lansweeper Tech Support
Lansweeper Tech Support

Hello there!

The Active Directory Domain Scanning target will enumerate and query all available domain controllers to retrieve a list of computers and scans those computers. By default, this will indeed cover the entire domain.

So if your Lsagent-only computers are in distinct OUs, it would make sense not to scan these (for multiple reasons) and use an OU filter to weed out those assets from your agentless scanning targets.

This will result in the Last on-premises AD Domain date no longer being updated for these Lsagent-only computers, and if this date was preventing the cleanup option from kicking off, resolve your issue.

Don't worry about not getting any AD information for your LsAgent-only assets. While LsAgent in itself cannot perform an AD Lookup, an AD Lookup will be triggered after an LsAgent scan. For this to succeed, your scanning server does require a credential mapping to the correct AD domain with a credential that can read your AD.

carlow
Engaged Sweeper II

I just updated the environment to version 10.4.1.0