Creating filters that update themselves based off of Active Directory data without using an Active Directory Import
Settings > All Settings > Notification Server > Data Connector > Data Sources
Create an LDAP import data source, using the group class name. Modify the LDAP filter so that it only targets distribution groups.
Settings > All Settings > Notification Server > Data Connector > Import/Export Rules
Create a Resource import rule for the Group resource type, mapping the Resource Name lookup key to sAMAccountName so that groups which have the same Name value will be imported successfully. Allow resources to be created, updated and deleted.
Create a Filter import rule, using the “Clear existing membership, then add resources to filter(s)” rule. Use Name as the filter's name, and distinguishedName as Description. Map the Resource Name lookup key to sAMAccountName so that groups which have the same Name value will be imported successfully.
The first rule will import the groups, and the second one will create filters from those groups in the “Manage > Filters > Imported Filters > [filter import rule name]” folder.
To populate these filters by accessing AD, the following two steps must first be done on each SQL Server that runs an NS database which will utilise these filters:
--/ Add Active Directory as a linked server to SQL back end
EXEC master.dbo.sp_addlinkedserver @server = N'ADSI', @srvproduct=N'Active Directory Services Interfaces', @provider=N'ADSDSOObject'
--/ Set Security Context for AD Queries (@locallogin=NULL applies this mapping to every local login that uses the linked server)
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'ADSI',@useself=N'False',@locallogin=NULL,@rmtuser=N'domainname\smpappidusername',@rmtpassword='smpappidpassword'
If the number of filters is small, then their SQL definitions can be added manually. Below are SQL definitions for computers and users:
--/ Create filters in Altiris for computers
SELECT i._ResourceGuid FROM Inv_AeX_AC_Identification i
WHERE i.[Name] IN
(SELECT [Name] FROM OPENQUERY ( ADSI, 'SELECT [Name] FROM ''LDAP://DC=domainname,DC=tld'' WHERE objectCategory = ''Computer'' AND memberof=''CN=group name,OU=ou name,DC=domainname,DC=tld'''))
--/ Create filters in Altiris for users
SELECT ru.[Guid] FROM RM_ResourceUser ru
WHERE ru.[Name] IN
(SELECT [Name] FROM OPENQUERY ( ADSI, 'SELECT [Name] FROM ''LDAP://DC=domainname,DC=tld'' WHERE objectCategory = ''User'' AND memberof=''CN=group name,OU=ou name,DC=domainname,DC=tld'''))
If the number of filters is large, an automated process will be required that makes use of the following:
--/ Obtain filter list associated with filter import rule
SELECT vc.[Guid],vc.Name,vc.[Description] FROM vCollection vc
JOIN ItemFolder f ON vc.[Guid] = f.ItemGuid
WHERE f.ParentFolderGuid = '[filter import rule name] folder guid'
The output of that query can then be used to target the filters with their SQL definitions via the ASDK, once each filter's Description value (the group's distinguishedName) has been used to replace the memberof section of the query.
CollectionManagementLib.SetCollectionDataSourceToRawSqlQuery Method
C#
// assume collectionObject was previously created by the CreateResourceCollection API
string query = "enter adsi query here as one line";
m_proxy.SetCollectionDataSourceToRawSqlQuery( collectionObject.Guid, query );
// clear the sql query just added
m_proxy.SetCollectionDataSourceToRawSqlQuery( collectionObject.Guid, null );
VBScript
' assume collectionObject was previously created by the CreateResourceCollection API
query = "enter adsi query here as one line"
call collectionManagement.SetCollectionDataSourceToRawSqlQuery( collectionObject.Guid, query )
' clear the sql query just added
call collectionManagement.SetCollectionDataSourceToRawSqlQuery( collectionObject.Guid, null )
CMD
AltirisASDKNS.exe cmd:SetCollectionDataSourceToRawSqlQuery collectionItemGuid:%newCollectionGuid% sqlQuery:"enter adsi query here as one line"
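One way to build the per-filter query from the vCollection output before passing it to SetCollectionDataSourceToRawSqlQuery, as an added example (not code from the original article or the ASDK). The AdFilterQuery class, its Build method and the sample rows are hypothetical; because the group DN ends up inside two nested string literals (T-SQL, then the ADSI query), it rejects any DN containing a quote or control character rather than trying to escape it.

```csharp
using System;
using System.Linq;

static class AdFilterQuery   // hypothetical helper, not part of the ASDK
{
    // Characters that would end the nested string literals (T-SQL -> ADSI) or
    // break the one-line form the ASDK and CMD examples expect.
    static bool IsUnsafe(string dn) =>
        string.IsNullOrWhiteSpace(dn) || dn.Any(c => c == '\'' || c == '"' || char.IsControl(c));

    // groupDn: the filter's Description (group distinguishedName); baseDn: the domain root.
    public static string Build(string groupDn, string baseDn, bool forUsers)
    {
        if (IsUnsafe(groupDn) || IsUnsafe(baseDn))
            throw new ArgumentException("DN rejected: quote or control character present");
        string outer = forUsers
            ? "SELECT ru.[Guid] FROM RM_ResourceUser ru WHERE ru.[Name] IN "
            : "SELECT i._ResourceGuid FROM Inv_AeX_AC_Identification i WHERE i.[Name] IN ";
        string category = forUsers ? "User" : "Computer";
        // Doubled quotes ('') are literal quotes inside the OPENQUERY string.
        return outer +
            "(SELECT [Name] FROM OPENQUERY ( ADSI, 'SELECT [Name] FROM ''LDAP://" + baseDn +
            "'' WHERE objectCategory = ''" + category +
            "'' AND memberof=''" + groupDn + "'''))";
    }

    static void Main()
    {
        // Constructed sample rows standing in for the vCollection query output
        // (Guid, Description). The second DN contains an apostrophe.
        var rows = new[] {
            ("11111111-1111-1111-1111-111111111111", "CN=Finance PCs,OU=Groups,DC=domainname,DC=tld"),
            ("22222222-2222-2222-2222-222222222222", "CN=O'Brien Team,OU=Groups,DC=domainname,DC=tld"),
        };
        foreach (var (guid, dn) in rows)
        {
            try
            {
                string query = Build(dn, "DC=domainname,DC=tld", forUsers: false);
                // Pass guid and query to SetCollectionDataSourceToRawSqlQuery here.
                Console.WriteLine($"{guid}: {query}");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine($"{guid}: skipped ({ex.Message})");
            }
        }
    }
}
```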