×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Server Automation 8.3 ... Administering Working with configuration objects Custom configuration objects

Setting up an Active Directory object

The Configuration Object Dictionary for any Application Server includes the Active Directory object, which is capable of collecting data from Active Directory 2003. To use this object, you typically must distribute it to one or more Microsoft Windows servers.

In addition to distributing the Active Directory object, you must also set up an automation principal so you can impersonate a domain user.

Consider the following guidelines when setting up the Active Directory object:

  • Distributing the Active Directory object to a domain controller is the easiest approach. For most environments, if the Active Directory object is distributed to an agent running on any domain controller in the forest, then no automation principal is needed.
  • If your environment has stricter security needs, you may need to add an automation principal in order to view one or more domains in the forest. In such a scenario, using an automation principal with credentials for the top-most domain works best because it allows you to view all the child domains.
  • If you choose to distribute the Active Directory object to a non-domain controller, you must set up an automation principal. The Active Directory configuration determines what credentials you must provide. Typically using an account with Domain User or Domain Admin privileges works, but remember that you may need to use this account from the top-most domain. You must also make sure the account is authorized to access the machine and that the account is granted the Windows "Logon as a batch job" privilege. To access this setting, use the Control Panel and go to Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment.

If you have additional questions about access requirements for Active Directory, consult your domain administrator.

To set up an Active Directory object

  1. Distribute the Active Directory custom configuration object by running a Distribute Configuration Objects Job. When you select objects to distribute, select the Active Directory object. When you select targets for the job, select the appropriate Windows servers. Ideally you would select at least one Windows server in each domain. For more information about running this type of job, see Creating or modifying a Distribute Configuration Objects Job.
  2. Create an automation principal that defines user credentials with privileges to browse the Active Directory domain. For more information, see Creating automation principals.
  3. Associate the automation principal with a role that should have access to Active Directory information. For more information, see Role - Agent ACL.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Fran Coughlin on Jul 11, 2012
active_directory custom_configuration_objects

Comments

Log in or register to comment.

Deployable actions and attributes for UNIX objects
Upgrading custom configuration objects
© Copyright 2017 BMC Software, Inc. © Copyright 2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.