Adding Organizational Units to a Machine Group

Companies often split up Active Directory entities by creating multiple Organizational Units (OUs). A machine group in Shavlik Protect can be configured to include specific organization units from Active Directory.  For example, you might create a machine group that includes all machines from the 'Sales' organizational unit.

Adding an Individual Organizational Unit

The easiest way to add an organizational unit to a machine group is as follows:

  1. Select the Organizational Unit tab.

  2. Type the name of the organizational unit in the Enter an individual OU name box.

An OU is added in full LDAP format. For example, to add the Sales OU from the domain example.com, the format is 'ou=sales,dc=example,dc=com'.  If you specify a parent OU, all children OUs will be included in the scan.

  1. Click Add.

Importing OUs From an External Source

You can also add organizational units by using the Browse Active Directory button to import organizational unit names from an external source.

 

This button opens a separate dialog that lists the contents of your Microsoft network. Locate the organizational units and/or machines you would like to add to the custom group, place a check mark in the desired check boxes, and then click OK. If you need to supply credentials in order to browse the Active Directory OUs on the available domains, in the Credential for enumeration box at the bottom of the dialog select the appropriate credential and then click Assign.

 

Organizational Units

You have two options:

  • Active Directory Wide: Enables you to select or deselect all OUs contained within your Active Directory.

  • Organizational Unit Wide: Enables you to select or deselect all OUs contained within your organization.

For both options you can Select All available OUs, Deselect All available OUs, or Invert Selection (enabling OUs not currently selected and deselecting those OUs currently selected).

Machines

You have two options:

  • Active Directory Wide: Enables you to select or deselect machines contained within your Active Directory.

  • Current Level: Enables you to select or deselect machines contained within the currently selected level of your Active Directory.

For both options you can Select All available machines, Deselect All available machines, or Invert Selection (enabling machines not currently selected and deselecting those machines currently selected).

Include Child OUs

If enabled, for every parent OU selected, all children OUs will also be included in the machine group.

Assign

To set credentials to use for browsing an Active Directory hierarchy on a remote domain:

  1. Select the domain.

  2. Select the proper credential.

If you need to define a new credential, see Defining Credentials.

  1. Click Assign.

Clear

Removes the credentials currently defined for the selected domain.

 

 

When organizational units are added, the new entries are displayed within the bottom portion of the machine group pane, as illustrated here: