→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mshajin
Engaged Sweeper III
Hi

It would be a useful feature to have if deployment can be done to AD security groups. If we can link dynamic groups to AD security groups, that would be even better so any assets added to the AD security group in future would pick up the deployment automatically.

I also notice a lack of support for AD security groups in general especially computer security groups. This can make deployment tasks a lot easier.

Thanks.
1 ACCEPTED SOLUTION
Susan_A
Lansweeper Alumni
You can already do exactly what you are describing below just by slightly modifying the AD group report we linked to.
Say, if I want to have a piece of software installed to all computers in an AD security group including any future ones I add to the group, I can just set it and forget all about it rather than having to add to both AD groups and Lansweeper deployment group each time.


Below is another example that lists computers in a specific group called "Test Group" that are missing a specific software called "Test Software". You can replace the highlighted criteria with your own. Reports are inherently dynamic. If you add a machine to Test Group, it will automatically show up in the report. The only thing you need to ensure is that your network is actually rescanned so the group change is detected. This can be achieved through scheduled scans. If you then run a scheduled deployment on the report, any machines in the group will automatically receive the software.

There's no need for us to add the AD group field to the dynamic group feature as well. This feature is meant to be a stripped down, simplified version of the report builder found under Reports\Create New Report. We deliberately limited the number of fields it supports. If you need to build a "dynamic group" based on another field, you can simply create a report instead.
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblADGroups.Name As ADGroupName,
tblADGroups.Description As ADGroupDescription,
Case tblADGroups.GroupType When -2147483646 Then 'security - global'
When -2147483644 Then 'security - local' When -2147483643 Then 'built-in'
When -2147483640 Then 'security - universal'
When 2 Then 'distribution - global' When 4 Then 'distribution - local'
When 8 Then 'distribution - universal' End As ADGroupType
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join tblADComputers On tblAssets.AssetID = tblADComputers.AssetID
Left Join tblADMembership On tblADMembership.ChildAdObjectID =
tblADComputers.ADObjectID
Left Join tblADGroups On tblADMembership.ParentAdObjectID =
tblADGroups.ADObjectID
Where tblAssets.AssetID Not In (Select Top 1000000 tblSoftware.AssetID
From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID
Where tblSoftwareUni.softwareName = 'Test Software') And
tblADGroups.Name = 'Test Group' And tblComputersystem.PartOfDomain = 1 And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName

View solution in original post

10 REPLIES 10
Susan_A
Lansweeper Alumni
FYI for everyone: Lansweeper already scans Active Directory user and computer group memberships, through Domain User Scanning. You can create a report for a specific group and then deploy on this report, manually or on a scheduled basis. There's a sample report in our report center, here.