Membership Rules determine which group a computer is assigned to. You can configure the rules by adding and excluding conditions based on computer by NetBIOS name, or path references to Active Directory computers, computer groups or containers. Membership rules have a one- to-one relationship with deployment groups. A membership rule is automatically created on creation of every Deployment Group.
The (Default) Deployment Group has a non-editable set of membership rules to Include All. You cannot add, or remove a condition or change the priority for this group.
Multiple membership conditions for the same rule always evaluate using OR Boolean logic.
Membership rules are processed in the order the Deployment Groups are listed in the Membership Rules work area. Therefore, if a computer matches multiple membership conditions in different deployment groups, it is added to the first group in the list where a membership condition matches. To change the order of the Deployment Groups use the Move Up and Move Down options in the Actions pane.
- Select the Home navigation button.
Select the Membership Rules node.
- Click the deployment group required, then click Edit Conditions in the Actions pane.
The Edit Group Conditions dialog displays.
Click Add and do one of the following:
- Select Computer by NetBIOS Name and specify the NetBIOS name for the computer or browse to the computer.
- Select Active Directory and choose the component required: Computer, Group or Container.
Note that Group and Container matching should be used where possible, as using a wildcard query carries a higher CPU burden on the Active Directory server. For further information refer to Use of wild cards below.
- Repeat to add additional conditions, if required and click OK.
If you want to automatically discover computers that match the membership rules select Automatically discover computers every... You can set the discovery as frequent as every hour, intervals in between, or as infrequent as 1 week.
Click Discover to perform an immediate discovery of computers.
- Click Submit to submit the changes to the rule.
If required, expand the deployment group you have discovered computers for and select the Computers node.
Details display about the discovered computers in the Computers work area.
Asterisk (*) and question mark (?) wildcard characters are supported in groups. The asterisk represents one or more characters, and the question mark wildcard represents a single character.
Active Directory (AD) membership queries
Management Center 2020.3 supports the use of a wildcard when querying for Active Directory (AD) using Group or Container names. Now, it is possible to quickly search for similarly named AD groups within a single rule.
Discovery rules that search for AD membership across multiple groups can result in high CPU utilization and impact the performance of the AD server. This issue will be heightened if the discovery polling frequency is high. As a result, wildcard use for AD membership rules is not generally recommended.
- Edit Conditions - Displays the Edit Group Conditions dialog box allowing you to include and exclude conditions for computers, groups and containers.
- Move Up - Moves the selected membership rule up.
- Move Down - Moves the selected membership rule down.
Discover - Discovers computers and places the computers into the first group that has a matching rule.
Only users with Server Administrator or Group Administrator permissions can execute the Discover action.
Automatically discover computers every [ ] - select to automatically discover computers from one of the following intervals:
- 1 Hour
- 4 Hours
- 12 Hours
- 24 Hours
- 1 Week