Thanks for posting to the Ivanti Community.
Sorry that it seems no one has the answer to be able to assist you on this yet. Did you manage to get any further information on this? Please share anything you deem useful and the community may be able to offer some help.
If not then please do consider the other ways to engage with us to get assistance:
Customer Service Coordinator
I am interested in this, as we would like to look at using AD to control access to some application installs, and for patch rollout groups. Any information would be welcomed.
You can actually create LDAP Queries that I use AD Groups all the time: https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/queries-ldap-t-create.htm
Just ensure you have your Manage Active Directory sources: https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/queries-ldap-t-manage-dirs.htm
Then you can go into scheduled task and in the Targets I use the saved LDAP queries.
I get that for machine groups, and have used that plenty. Where i am struggling is being able to schedule if the primary owner is part of a group - IE role based access. If there is something for that, I would love it, I have not found it yet.
An example -
We have 4 patch rollout groups. Right now, I have them all going to a query based on the primary owner being one of a list I type in. I would like to make AD role based groups and put their user accounts in those groups, then change the rollouts to go out if the primary owner of that machine is part of that specific AD group.
Right now, we can schedule to a machine AD group, but I do not see a way to go if the primary owner's account is a member of a certain group. This may be there, I am struggling to find it, however.
1 of 1 people found this helpful
You can create LDAP queries based on user AD group as well just in the Network View | Directory | LDAP://yourcompany | Browse Directory and the find a User Group and right click on the group and then click Save and name the Query Name and then Save. It should now be in the Save Queries in the Network View. You now can go to the scheduled task and it will be able to go into the Scheduled Task for the Rollout project and click Targets | Targeted LDAP Queries and Add and then the LDAP queries should be in there and once you start it adds the users from that group and the devices they are owners of.
Thanks, that seems to work. I figured that since I could not tie it to the primary owner, it would not work, but seems to do what I wanted.