13 Replies Latest reply on Feb 14, 2017 6:51 AM by Roger1

    Discovery and Object Moves

    duberyy_wotsit Apprentice
      When an AD discovery runs does the MC actually move computers between groups?  For example if a machine is moved in AD I would expect this to detect it and then apply the correct config automatically without any intervention.
        • 1. Re: Discovery and Object Moves
          BChriscoli Expert
          No, this isn't how discovery works.
          Once a machine is registered to a group, it stays in that group until manually moved.
          • 2. Re: Discovery and Object Moves
            duberyy_wotsit Apprentice

            BChriscoli wrote:

             

            No, this isn't how discovery works.
            Once a machine is registered to a group, it stays in that group until manually moved.



            Okay, that's how it looked from our side so thanks for confirming.  What strategies are others using to deal with this?  I am considering perhaps using SCCM to deploy the configs, rather than MC as it will cope better with AD object moves.
            • 3. Re: Discovery and Object Moves
              BChriscoli Expert
              Depending on the version of AMC (and CCA), you could have something in the EM Config or via GPO that unregisters/re-registers the device at shutdown/startup.
              • 4. Re: Discovery and Object Moves
                duberyy_wotsit Apprentice

                BChriscoli wrote:

                 

                Depending on the version of AMC (and CCA), you could have something in the EM Config or via GPO that unregisters/re-registers the device at shutdown/startup.



                Thanks, I'll look into this option.  We've just upgraded to the latest release so all options will be available...
                • 5. Re: Discovery and Object Moves
                  Landon Winburn ITSMMVPGroup
                  You can also do this via SQL scripts that run via the SQL Agent on a schedule. This script should move any machine that doesn't match a membership rule. Keep in mind this makes moving machines from "Prod" to "Test" a PITA as you have to change the membership rules to do so or else they get moved right back.

                  -- start of T-SQL script --
                  
                  /* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
                  ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
                  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
                  PARTICULAR PURPOSE.     
                  
                  IMPORTANT: Please take care when executing this script on a live database. 
                  It is recommended that a full database backup is first performed.*/
                  
                  -- Script for moving all machines in groups with discovery enabled to the group they 'should' be discovered in 
                  
                  IF OBJECT_ID('tempdb..#MoveMachines') IS NOT NULL
                  DROP TABLE #MoveMachines
                  GO
                  
                  CREATE TABLE #MoveMachines
                  (MachinePK uniqueidentifier, ExpectedGroupFK uniqueidentifier)
                  
                  INSERT INTO #MoveMachines
                  SELECT m.MachinePK, d.ExpectedGroupFK
                   FROM [Machines] m
                   JOIN [DiscoveredMachines] d
                   ON m.ObjectGuid = d.ADObjectGuid
                   CROSS APPLY (SELECT GroupPK from Groups where Name IN ('(Default)', 'SomeOtherGroup')) dg
                   WHERE d.ExpectedGroupFK != m.GroupFK
                   AND d.UserSpecified = 0
                   AND dg.GroupPK = m.GroupFK
                  
                  
                  -- Select statement to view the machines that will be updated (need to uncomment the UPDATE statement below)
                  SELECT NetBiosName, DNS, DistinguishedName, gm.Name AS 'Current Group', gd.Name AS 'Discovered Group', LastPollTime, ObjectGuid
                  FROM Machines m
                  INNER JOIN #MoveMachines #m ON m.MachinePK = #m.MachinePK
                  INNER JOIN [Groups] gm ON m.GroupFK = gm.GroupPK
                  INNER JOIN [Groups] gd ON #m.ExpectedGroupFK = gd.GroupPK
                  
                  --Uncomment the following line to move the computers
                  --UPDATE [Machines] SET ModifiedTime = GETUTCDATE(), GroupFK = ExpectedGroupFK FROM Machines m INNER JOIN #MoveMachines #m ON m.MachinePK = #m.MachinePK
                  
                  DROP TABLE #MoveMachines 
                  
                  -- End of T-SQL script --
                  
                  • 6. Re: Discovery and Object Moves
                    duberyy_wotsit Apprentice
                    Does the d.userspecified line make it ignore objects where an admin has manually assigned a machine to a group?

                    Thanks
                    • 7. Re: Discovery and Object Moves
                      Landon Winburn ITSMMVPGroup
                      I believe so. Specify a machine in the AMC using the "Add Computer" and then check the DiscoveredMachines table for that machine. Compare that to one that was discovered using membership rules.
                      • 8. AppSense Management Server API
                        Senseless Rookie
                        Bit of an old post - but thought I would add how we do this using the Management API (8.5).
                        You need to install the Management Console on the device you are running the PowerShell from and you will need to run with an account with permissions to move the computers.

                        If you use the following code, ensure you fully test it and you do so at your own risk!
                        # Change the following variables for your environment
                        $SourceGroup = "CurrentGroup"
                        $TargetGroup = "NewGroup"
                        $ProxyDLL = "${Env:ProgramFiles}\AppSense\Management Center\Console\ManagementConsole.WebServices.dll"
                        $ManagementURL = "http://AMServer/ManagementServer"
                        
                        # Load proxy DLL
                        Add-Type -Path $ProxyDLL 
                        
                        # Get NetworkCredential instance
                        $credentials = [System.Net.CredentialCache]::DefaultCredentials
                        $credential = $credentials.GetCredential($ManagementURL, "Basic")
                        # Create connection to the Management Server
                        [ManagementConsole.WebServices]::Connect($ManagementURL, $credential)
                        
                        # Get the key of target group
                        $GroupsWebService = [ManagementConsole.WebServices]::Groups
                        $TargetGroupKey = ($GroupsWebService.GetGroups("").Groups | Where-Object {$_.Name -eq "$TargetGroup"}).GroupKey
                        
                        # Get the discovered machines found by Group Membership Rules in the Target deployment group that are actually located in the Source deployment group
                        $DiscoveredMachinesWebService = [ManagementConsole.WebServices]:: DiscoveredMachines
                        $DiscoveredMachines = ($DiscoveredMachinesWebService.GetMachinesFromGroupKey($TargetGroupKey).DiscoveredMachines | Where-Object {$_.ActualGroupName -eq "$SourceGroup"})
                        
                        $MachinesWebService = [ManagementConsole.WebServices]:: Machines
                        
                        #Iterate through discovered machines from group rules
                        foreach ($DiscoveredMachine in $DiscoveredMachines) 
                        {
                            # Get the actual machine object referenced by discovery 
                            $TargetMachines = ($MachinesWebService.GetFromKey($DiscoveredMachine.ActualMachineKey, $false))
                            If ($TargetMachines.Machines.Count -eq 1)  # Check there is only a single result
                            {
                                # Change the machines group and apply the change 
                                $TargetMachines.Machines[0].GroupKey = $TargetGroupKey
                                $MachinesWebService.ApplyMachineChanges([ref] $TargetMachines) 
                            }
                        }
                        


                        I believe you can use the MOVE method in later versions of the API
                        • 9. Re: Discovery and Object Moves
                          duberyy_wotsit Apprentice
                          I have tested this and you are correct about user specified.  Even so if I run this against all groups it still misses a number of machines which show in the console as being in a different group to the one they were discovered in.  Rather odd and moving them manually in the console is such a PITA as you can't get select all of the bad ones and move them in one go...
                          • 10. Re: Discovery and Object Moves
                            Roger1 Apprentice
                            Has anyone had any success with the new Move method in 8.7? 

                            We have a staging/build deployment group which applies no configs.  My techs manually move a machine when they're finished with the build.  Occasionally they forget or are unsure where to place the box.  I've created a script that checks a deployment group and returns endpoints that should not be in this group.  I would like to automate this completely so machines are moved to the appropriate group if they show as no longer being on our build subnet. 

                            I don't see any examples of the Move method and I have no idea how to implement it.  Can this even be done in PowerShell?  Any examples would be great. 

                            From the AMC API Guide:
                            Declaration
                            void Move(Guid, Guid, Guid[])
                            Parameters
                            sourceGroupKey - Guid - Guid of the group currently containing the machines
                            destinationGroupKey - Guid - Guid of the group to move the machines into
                            discoveredMachineIds - Guid[] - List of ids for the machines to move

                            ----Edit----

                            http://blog.appsense.com/2016/06/appsense-management-server-web-services-api-overview/

                            This blog post from Matt Walsh has answered most of my questions in plain English.  Thank you!

                            Finally we make the ‘Move’ call to move the machine from one group to another:-


                            $MachinesWebService.Move($dgSourceKey.GroupKey, $dgDestinationKey.GroupKey, $epTargetKey.MachineKey)
                            


                            • 11. Re: Discovery and Object Moves
                              Roger1 Apprentice
                              http://blog.appsense.com/2016/06/appsense-management-server-web-services-api-overview/

                              This blog post from Matt Walsh has answered most of my question in plain English.  Thank you!

                              Finally we make the ‘Move’ call to move the machine from one group to another:-


                              $MachinesWebService.Move($dgSourceKey.GroupKey, $dgDestinationKey.GroupKey, $epTargetKey.MachineKey)
                              


                              • 12. Re: Discovery and Object Moves
                                Andrew Swindells SupportEmployee

                                Hi,

                                 

                                Firstly, allow me to introduce myself. I am the Product Manager responsible for the Management Centre, SCP, Performance Manager and the Xtraction data connector products. Prior to my move to PM I was an ITSM consultant so you may have come across me on the community before under that context.

                                 

                                I appreciate this discussion is relatively old but I just wanted to provide an update from a Product Management perspective. We currently have a feature being planned around deployment groups, a requirement of which is to allow for the dynamic moving of groups based upon AD OU and subnet. These requirements are based upon customer raised feature request, so having seen this - admittedly old - discussion I thought it was worth adding some details.

                                 

                                At this time, I am unable to commit to a date that this feature will be made available but I will be making regular updates both pre and post release so look out for them.

                                 

                                Thanks

                                 

                                :-)

                                • 13. Re: Discovery and Object Moves
                                  Roger1 Apprentice

                                  Thanks for the update.  Look forward to the upcoming changes!

                                   

                                  Until then, I had to find an easy method for moving machines without dealing with the shell.  So I ended up creating a small PS front-end to move machines around using the code from Matt Walsh's post.

                                   

                                  Example: