Defining rollout targets via a directory server

If your environment has a well-maintained directory server, the easiest way to define your rollout targets is to base them on the organizational units (OUs) of that server. Even though the server already exists in your environment, you still need to make it known to the Client Management database. To do so, complete the following two procedures:

  1. Creating a directory server in Client Management.
  2. Assigning a directory server to the target group and synchronizing.

Creating a directory server in Client Management

  1. Select Global Settings > Directory Servers in the left window pane.
  2. Select Edit > Create Directory Server.
    The Properties window appears, displaying the values for the directory server it has found in the master's domain.
  3. Enter the required information in the respective boxes, or modify the preselected values to those of another directory server that you want to add. The fields that follow depend on the selected Type.

    General fields

    Name
      Enter the user-friendly name of the directory server, under which it is known, into this field. This name may be any combination of characters.
    Notes
      Free text field that may be edited to display general information about the object and its contents.
    Directory Server Proxy
      Specify the device to be defined as the directory server proxy by clicking the Select a Device icon to the right.
    Type
      Select from this dropdown list the type of directory server that is to be defined.

    MS Active Directory

    AD Server Name
      Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or the IP address of the server, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334.
    Port Number
      Enter the number of the port at which the directory server database may be accessed (389 by default).
    Alias
      This field is empty by default. If you enter a value, it is used as the user domain for the object types Administrator and User instead of the domain name that was derived from the base DN. For example, a user who is registered under europe.world.enterprise.com could be indicated via his OU called Americas.

    IBM Domino

    Domino Server Name
      Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or the IP address of the server, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334.
    Port Number
      Enter the number of the port at which the directory server database may be accessed (389 by default).
    Organizational Unit
      The name of the Domino organizational unit to which the user belongs; it is the Domino equivalent of the alias and OU of a directory server. For example, a Domino directory whose organization name is World may include the organizational units Americas, Europe and Asia.

    LDAP Server

    LDAP Server Name
      Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or the IP address of the server, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334.
    Port Number
      Enter the number of the port at which the directory server database may be accessed (389 by default).
    Base DN
      Enter the distinguished name of the base DN to which you want to connect. The base DN is the entry point into the directory organization and is different from all others. You can enter this value either in LDAP or UNC format. For example, the Active Directory entry world.enterprise.com can be entered in LDAP notation as dc=world, dc=enterprise, dc=com or as world.enterprise.com in UNC notation.
    Domain Alias
      This field is empty by default. If you enter a value, it is used as the user domain for the object types Administrator and User instead of the domain name that was derived from the base DN. For example, a user who is registered under europe.world.enterprise.com could be indicated via his OU called Americas.

    Novell eDirectory

    eDirectory Server Name
      Enter the known network name of the directory server in this field. This value may be either the complete (recommended) or short network name, such as scotty.bridge.enterprise.com or scotty, or the IP address of the server, for example, 175.175.2.1 or 2001:db8:85a3::8a2e:370:7334.
    Port Number
      Enter the number of the port at which the directory server database may be accessed (389 by default).
    Context
      The name of the context that is to be referred to in eDirectory. It corresponds to the client field of the same name provided by Novell in the Advanced settings and is the equivalent of a complete domain name in Active Directory. For example, a context called world.enterprise.com points to the part of the directory that references the desired user.
    Tree
      The name of the eDirectory tree to which you want to connect. It corresponds to the client field of the same name provided by Novell in the Advanced settings; it is the equivalent of an Active Directory alias and may be required in certain cases. For example, a user in the context europe.world.enterprise.com may be part of a tree called Americas in which a unit USA exists.

    Credentials

    Anonymous Access
      Select this radio button if you want to log on to the directory server with an anonymous login. Depending on the ACLs of the server, you may or may not be allowed to connect and/or synchronize. For security reasons it is recommended not to use this option. Selecting this option is the same as using authenticated access without specifying a user and password.
    Authenticated Access
      Select this radio button to log on to the directory server with a specific user login. The two fields below become accessible and must be filled in.
    User
      Defines the name uniquely identifying the user, in one of the following notations:

      • sAMAccountName notation, for example, DOMAIN\User; this is the recommended syntax
      • LDAP notation, for example, cn=username, cn=usergroup, where username is the user you wish to connect as and usergroup is the folder that contains username in LDAP/Active Directory Users and Computers
      • simple user name, for example, administrator; this may be used if the login belongs to the local AD domain and the server is entered as an IP address or short network name, or if the server is entered as a long network name and the login is a user in the specified domain
      • UPN notation, for example, user@domain.com (for users outside the AD domain)
    Password
      Enter the password through which the user defined above may access the directory server. Be sure to enter the correct password; otherwise the directory server cannot be accessed from the Console. For security reasons the password is displayed as asterisks.

  4. Check that the entered values are correct by clicking the Test Login button.
  5. Click OK to confirm.

A new directory server with the specified data is created.
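As an added example (not part of the BMC documentation or product), the following standard-library Python script applies the field rules above to a constructed directory server definition before you click Test Login: it converts a base DN given in UNC notation to LDAP notation, classifies the User value as sAMAccountName, LDAP, simple or UPN notation, and reports definition problems, including the anonymous-access choice the page advises against. All field names, the SAMPLE values and the check wording are assumptions.

```python
import ipaddress
import re
# Constructed sample definition (placeholder values, not a real server): UNC-style base DN, sAMAccountName user.
SAMPLE = {"type": "LDAP Server", "server": "scotty.bridge.enterprise.com", "port": 389,
          "base_dn": "world.enterprise.com", "access": "authenticated", "user": r"WORLD\svc-cm-sync"}

def base_dn_to_ldap(value: str) -> str:
    """Accept UNC (world.enterprise.com) or LDAP (dc=world, dc=enterprise, dc=com) notation; return LDAP form."""
    v = value.strip()
    if "=" in v:  # already LDAP notation: only normalise the spacing around commas
        return ",".join(p.strip() for p in v.split(","))
    labels = [p for p in v.split(".") if p]
    if not labels:
        raise ValueError("base DN is empty")
    return ",".join(f"dc={label}" for label in labels)

def user_notation(user: str) -> str:
    """Classify the login the way the User field describes it: sAMAccountName, UPN, LDAP or simple."""
    if re.fullmatch(r"[^\\@=,]+\\[^\\@=,]+", user):
        return "sAMAccountName"
    if re.fullmatch(r"[^\\@=,]+@[^\\@=,]+\.[^\\@=,]+", user):
        return "UPN"
    if "=" in user:
        return "LDAP"
    return "simple"

def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_definition(cfg: dict) -> list:
    """Return findings to fix before Test Login; an empty list means the definition is consistent."""
    findings, host = [], cfg["server"]
    if not is_ip(host) and "." not in host:
        findings.append("short network name; the complete name is recommended")
    if not 1 <= int(cfg["port"]) <= 65535:
        findings.append("port number out of range")
    try:
        base_dn_to_ldap(cfg["base_dn"])
    except ValueError as exc:
        findings.append(str(exc))
    if cfg["access"] == "anonymous":
        findings.append("anonymous access is not recommended; server ACLs may refuse the synchronisation")
    elif not cfg.get("user"):
        findings.append("authenticated access needs a user and password")
    elif user_notation(cfg["user"]) == "simple" and not is_ip(host) and "." in host:
        findings.append("simple user name with a complete server name: the user must belong to that domain")
    return findings
```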

Assigning a directory server to the target group and synchronizing

  1. In the left window pane, select the Device Groups node.
  2. Click Edit > Create Device Group to create a new group.
     The Properties dialog box appears.
  3. Click OK.
     Information: It is not necessary to give a name to this group, as it is automatically renamed to the name of the directory server and OU as soon as it is assigned.
  4. Select the new group in the left window pane.
  5. Select the new group's subnode Dynamic Population > Directory Server.
  6. Click Edit > Assign Server.
     The Select a Directory Server dialog box appears on the screen. The dialog box lists all available directory servers with their organizational units, depending on the base object. That is, under a device group it displays all available device groups, and under a user or administrator group it displays all available user groups.
  7. Select an entry from the list.
     Information: You can select either the directory server itself or one of its children. If you want to synchronize all elements of a directory server in a flat list, check the Synchronize All Devices/Administrators/Users box above this list together with the directory server root in the box below. To synchronize with the server root or an OU while maintaining, that is, recreating, the directory structure in Client Management, do not check this box.
  8. Click OK to confirm.
     The Properties dialog box appears on the screen.
  9. From the list, select an option to specify whether all devices are to be synchronized, or only those with a CM agent installed.
  10. Click OK to confirm.
     A confirmation window appears.
  11. Click OK to synchronize now.
     The connection with the directory server is established and all members of the selected entry are added to your current group. The Directory Server Synchronisation window displays a confirmation that lists all objects that were added, along with their status, which in this case is either New Object or Error.
  12. Click OK to close this window.

The name of your group is changed to the name of the directory server entry followed by the full name of the server in dotted notation. For example, if you synchronized your group with an organizational unit called Relay Servers, the name of your group is now Relay Servers.Full.Directory.Name. If the selected entry has subunits, these are also synchronized and added to the group as subunit.group.server name.

If all elements of a type were synchronized, the name of the group changes to the full name of the directory server. The elements are added to this group in a flat list, ignoring any hierarchy they were sorted in on the directory server.

Repeat this procedure for all target groups to which you need to roll out the agent.

When you have created all necessary target groups, you are ready to create the rollouts and assign the target groups to them.

BMC Client Management 12.2