Active Directory inventory

A DriveLock Enterprise Service is capable of reading all users, computers, groups and OU information from the current Active Directory (that is, the same domain the DriveLock Enterprise Service user account belongs to) as an AD object inventory and storing it in the DriveLock database so that it can be used within a DriveLock configuration.

There are two ways to configure the AD inventory.

1. AD inventory is collected from the server

   Configuration: DOC -> Settings (cogwheel) -> Backend -> Server settings -> General -> AD inventory

   With this option, the DriveLock Enterprise Service automatically determines the AD inventory of the server's current domain once every 24 hours. It is stored in the tenant assigned to the server (for central DES, this is the 'root' tenant). This action can also be triggered manually.

2. AD inventory is collected by the DriveLock Agent (per tenant)

   Configuration: DOC -> Settings (cogwheel) -> Backend -> Client settings -> Inventory -> Activate automatic AD inventory via agents

   With this option, the DriveLock Enterprise Service automatically determines an agent for each domain known in the database. The identified agents collect the AD inventory and send it to the DES.

   You can also initiate this action manually for a selected agent in the DOC by choosing the following from the context menu: Run action on computer -> More actions -> Show all actions -> Category: Inventory -> Send Active Directory inventory.