Creating Dynamic Groups Based on Active Directory User Attributes

    Summary

    Each user has a specified name in the Active Directory user attributes. Is it possible to create dynamic groups based on Attribute 4 and Attribute 7?

    Solution

    It is possible to use PowerShell to pull information from Active Directory, place it into a new table in the SysTrack master database, and then create dynamic groups from this data combined with SysTrack data.

    Tools Used

    Deployment Tool

    Technical Details

    Note: In a linked master environment, set up this procedure on the global master.

    Note: This will work only on Server 2012+.

    Create groups from the Active Directory groups.

    Set up the master to pull data from Active Directory by using PowerShell.

    http://blogs.technet.com/b/ashleymcglone/archive/2013/06/27/how-to-use-the-2012-active-directory-cmdlets-from-windows-7.aspx

    Prerequisites - PowerShell and Active Directory Module

    This script requires PowerShell 4.0 and the Active Directory Module for PowerShell to properly query Active Directory data.

    PowerShell

    Verify PowerShell 4.0 is available on the SysTrack Master (download if necessary).

    http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-install-windows-powershell-4-0.aspx

    AD Plugins

    Enable the Active Directory Module for PowerShell feature on the SysTrack Master.


    Permissions

    This script will ultimately run as the local system account on the SysTrack master system where it is configured. Two areas of permission will need to be confirmed:

    Active Directory

    From an Active Directory perspective, the local system account must have read-only access to the AD data being collected.

    SysTrack Database (Server)

    From a database perspective, always provide DB_Owner permissions to this account so that the table can be created and populated.

    Use <DOMAIN>\<SYSTEMNAME>$ for remote connections or NT AUTHORITY\SYSTEM for local connections.

    Always update the parameters in the script to match the customer's server name and database name, as well as the debug variables.

    PowerShell Script

    The attached PowerShell script (ADUserAttributes.ps1) will take the Active Directory information and create a table called ADUserAttributes.

    After this table is populated, it is possible to create dynamic SysTrack groups against this information.

    Before running the script within SysTrack, edit the variables near the top of the script that identify the SQL Server and database to which the script writes. These values must match the current SysTrack master system database connection information.

    After editing the file, save it to the SysTrack master system's redist folder (C:\Program Files\SysTrack\Agent\LsiAgent\Redist\).

    Note: This script will ultimately run as the local system account on the SysTrack master system where it is configured. Provide DB_Owner permissions to this account so that the table can be created and populated. Use <DOMAIN>\<SYSTEMNAME>$ for remote connections or NT AUTHORITY\SYSTEM for local connections. Update the parameters in the script to match customer server name and database name as well as debug variables.
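    The following script is an added example of the collection step described in this section; it is not the attached ADUserAttributes.ps1 and does not reproduce its contents. The SQL instance name, database name and log file name are placeholders to be edited per customer, and mapping "Attribute 4" and "Attribute 7" to the extensionAttribute4 and extensionAttribute7 user attributes is an assumption. The script relies on Windows integrated authentication, so the account that SysTrack runs it under (NT AUTHORITY\SYSTEM locally, or <DOMAIN>\<SYSTEMNAME>$ for a remote SQL Server) is what the database sees, and no password has to be stored in the redist folder.

```powershell
# ADUserAttributes collection example (added example; not the article's attached script).
# Assumptions: PowerShell 4.0, the ActiveDirectory module, integrated SQL authentication for
# the account running the script, and db_owner on the target database so the table can be
# dropped and recreated. "Attribute 4/7" are assumed to be extensionAttribute4/7.

# --- Parameters to edit per customer (placeholder values) ---
$SqlServer = "SYSTRACKMASTER\SQLEXPRESS"   # placeholder: SysTrack master SQL instance
$Database  = "LSI_Master"                  # placeholder: SysTrack master database
$TableName = "ADUserAttributes"
$DebugLog  = $true                         # when $true, progress is appended to $LogFile
$LogFile   = Join-Path $PSScriptRoot "ADUserAttributes.log"

function Write-Log {
    param([string]$Message)
    if ($DebugLog) { "$(Get-Date -Format s) $Message" | Out-File -FilePath $LogFile -Append }
}

# Empty or missing attribute values become SQL NULL instead of an empty string.
function ConvertTo-DbValue {
    param($Value)
    if ($null -eq $Value -or [string]::IsNullOrEmpty([string]$Value)) { return [DBNull]::Value }
    return [string]$Value
}

Import-Module ActiveDirectory -ErrorAction Stop

$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = "Server=$SqlServer;Database=$Database;Integrated Security=True;"
$connection.Open()

try {
    # Recreate the table on every run so users removed from AD, or attributes that changed,
    # do not linger in the data that SysTrack groups are built from.
    $ddl = @"
IF OBJECT_ID('dbo.$TableName', 'U') IS NOT NULL DROP TABLE dbo.$TableName;
CREATE TABLE dbo.$TableName (
    SamAccountName nvarchar(256)  NOT NULL PRIMARY KEY,
    Name           nvarchar(256)  NULL,
    SID            nvarchar(184)  NULL,
    Attribute4     nvarchar(1024) NULL,
    Attribute7     nvarchar(1024) NULL,
    Collected      datetime2      NOT NULL
);
"@
    $cmd = $connection.CreateCommand()
    $cmd.CommandText = $ddl
    [void]$cmd.ExecuteNonQuery()
    Write-Log "Table dbo.$TableName recreated"

    # Parameterized INSERT: attribute values are free text that helpdesk staff or users may
    # edit, so they are passed as parameters rather than concatenated into the SQL text.
    $insert = $connection.CreateCommand()
    $insert.CommandText = "INSERT INTO dbo.$TableName " +
        "(SamAccountName, Name, SID, Attribute4, Attribute7, Collected) " +
        "VALUES (@sam, @name, @sid, @a4, @a7, @ts)"
    [void]$insert.Parameters.Add("@sam",  [System.Data.SqlDbType]::NVarChar, 256)
    [void]$insert.Parameters.Add("@name", [System.Data.SqlDbType]::NVarChar, 256)
    [void]$insert.Parameters.Add("@sid",  [System.Data.SqlDbType]::NVarChar, 184)
    [void]$insert.Parameters.Add("@a4",   [System.Data.SqlDbType]::NVarChar, 1024)
    [void]$insert.Parameters.Add("@a7",   [System.Data.SqlDbType]::NVarChar, 1024)
    [void]$insert.Parameters.Add("@ts",   [System.Data.SqlDbType]::DateTime2)

    $collected = Get-Date
    $users = Get-ADUser -Filter * -Properties Name, SamAccountName, SID, extensionAttribute4, extensionAttribute7
    $count = 0
    foreach ($u in $users) {
        $insert.Parameters["@sam"].Value  = $u.SamAccountName
        $insert.Parameters["@name"].Value = ConvertTo-DbValue $u.Name
        $insert.Parameters["@sid"].Value  = ConvertTo-DbValue $u.SID.Value
        $insert.Parameters["@a4"].Value   = ConvertTo-DbValue $u.extensionAttribute4
        $insert.Parameters["@a7"].Value   = ConvertTo-DbValue $u.extensionAttribute7
        $insert.Parameters["@ts"].Value   = $collected
        [void]$insert.ExecuteNonQuery()
        $count++
    }
    Write-Log "Inserted $count user rows into dbo.$TableName"
}
catch {
    Write-Log "ERROR: $($_.Exception.Message)"
    throw
}
finally {
    $connection.Close()
}
```

    Because the AD side only needs read access, the SYSTEM account's default membership in Authenticated Users is normally enough for Get-ADUser; the db_owner grant on the SysTrack side is what permits the DROP and CREATE, and a log file in the redist folder is the quickest way to see why a scheduled run wrote no rows.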

    Batch File

    The PowerShell script runs through the use of a batch file. Copy and paste the following line into a text file and save it as ADSubnetInfo.bat:

    powershell.exe -executionpolicy remotesigned -file ".\ADUserAttributes.ps1"

    Save this file in the SysTrack master system's redist folder (C:\Program Files\SysTrack\Agent\LsiAgent\Redist\).

    Exit.

    Setup

    The script will be run once a day on the SysTrack master where the groups are to be created. Use the steps below to configure the script within SysTrack.

    • Verify PowerShell 4.0 is available or has been installed.
    • Verify the AD PowerShell module has been enabled on the SysTrack master as detailed above.
    • Open a PowerShell console and verify the following command returns data:
      Get-ADUser -Identity <Username> -Properties Name,SamAccountName,SID
    • Verify the script has been properly edited and the appropriate permissions granted as defined above.
    • Save the script to the master system's redist folder (C:\Program Files\SysTrack\Agent\LsiAgent\Redist\).
    • Verify the batch file has been created and saved in the SysTrack master system's redist folder (C:\Program Files\SysTrack\Agent\LsiAgent\Redist\).
    • Open the SysTrack Deployment Tool and create/edit a Master System Configuration.

      • Edit the configuration applied to the SysTrack Master Server (MASTER SERVER CONFIGURATION SHOULD BE DIFFERENT FROM ALL CHILD SYSTEMS).
      • Enable Advanced Settings.
      • Click on Scripting and Response Times.
      • Click Add.
      • Name the script ADSubnetInfo.
      • Select Run from redist directory.
      • Click the ellipsis button to browse for the script and choose ADSubnetInfo.bat.
      • Set the frequency to run every 24 hours and enable Synchronize with time of day clock.
      • Set the time for the script to run (this is a 24-hour clock).
      • Click Save.


    Perform a Read Configuration Now on the master system.
