Active Directory Page
FlexNet Manager Suite 2020 R2 (On-Premises)
This tab lists the domain (or domains) for which the inventory beacon
collects information from Active Directory. This information includes sites, subnets,
computers, groups, and users, and can save you a lot of data entry in FlexNet Manager Suite.
Tip: If you have a hierarchy of domains, you must
separately collect Active Directory data from each domain and subdomain. This is because
FlexNet Manager Suite respects the separation of your domains (for example, isolating
development or testing domains), and also needs to collect both the group membership and the
foreign security principal objects from each domain and subdomain. You may achieve this
either by having an inventory beacon within a target domain, or by using an
inventory beacon that either has a trusted relationship with the target
domain, or a username and password to access the target domain.
The following general principles apply to the Active Directory import. These principles
apply equally to both computers and users imported from Active Directory; but to
allow simpler explanation, we use the user records as our example:
- Only users who are currently enabled in Active Directory are imported. Users disabled in Active Directory (or deleted from it, obviously) are not imported.
- A user who was previously enabled and imported from Active Directory, but who is now
disabled and not imported, is automatically deleted from FlexNet Manager Suite provided
that she is not present in any other inventory source. (The general principle is that a
user record is deleted when the user disappears from the last inventory source that
identifies her.) Note that 'inventory source' here means Active Directory or another
source like SCCM that provides independent user records; it is not sufficient to
have a user name merely referenced in inventory from inventory devices.Tip: Digging deeper, the deletion within FlexNet Manager Suite happens in these stages:
- The upload from the inventory beacon is first resolved into the inventory database. During that process, missing/disabled computers/users in Active Directory are automatically removed from the inventory database (only).
- Immediately after the update to the inventory database, a specialized import into the compliance database is triggered. This is for Active Directory data only, and this specialized import does not delete any user/computer records originally from Active Directory that are already in the compliance database from earlier imports. This means that, while new records in Active Directory are visible in the web interface relatively soon after the AD import on the inventory beacon, deletions from Active Directory are not visible in the same time-frame.
- When the next full inventory import (from all inventory sources) occurs, which by default is overnight, records that have disappeared from the inventory database, and that do not separately appear in any other inventory source, are removed from the compliance database. It is the cross-checking against all inventory sources that means this clean-up can occur only as part of the full inventory import, normally triggered immediately before the nightly license consumption (compliance) calculations. As a result, records deleted from Active Directory are normally visibly removed from the web interface of FlexNet Manager Suite the day after the relevant AD import by an inventory beacon.
- When a user is deleted (whether automatically as just described, or manually), all references to the user from other objects are automatically cleared as well. For example, suppose you had previously linked a user to an asset record. If this user is now deleted, the reference is also removed from the asset record. In another example, if the user had previously been referenced as the calculated user for an inventory device, these references are also cleaned up. In other words, it does not matter whether the link from a user to another object was made automatically or manually, clean-up can proceed.
The Active Directory data is collected by the inventory beacon at the time of your choosing. Completed collections are uploaded to your application server promptly (the uploader is triggered by default every ten minutes). Once completely staged on your application server, the data is immediately imported into your compliance database.
For details about the available columns, see Importing from Active Directory.
FlexNet Manager Suite (On-Premises)
2020 R2