Membership rules

Membership rules determine which group a computer is assigned to. You can configure the rules by adding and excluding conditions based on computer by NetBIOS name, or path references to Active Directory (AD) computers, computer groups or containers. Membership rules have a one-to-one relationship with deployment groups. A membership rule is automatically created on creation of every deployment group.

The default deployment group has a non-editable set of membership rules to Include All. You cannot add or remove a condition or change the priority for this group.

Multiple membership conditions for the same rule always evaluate using OR Boolean logic.

Membership rules are processed in the order the Deployment Groups are listed in the Membership Rules work area. Therefore, if a computer matches multiple membership conditions in different deployment groups, it is added to the first group in the list where a membership condition matches. To change the order of the Deployment Groups, use the Move Up and Move Down options in the Actions pane.

  1. Select the Home navigation button.

  2. Select the Membership Rules node.

  3. Select the deployment group required, then select Edit Conditions in the Actions pane.
    The Edit Group Conditions dialog displays.

  4. Select Add and do one of the following:

    • Select Active Directory and choose the component required: Computer, Group or Container. AD-based rules are evaluated only during Discovery, which happens when the deployment agent first polls the server and at regularly scheduled intervals.

      Use Group and Container matching wherever possible. Using a wildcard query burdens the AD server. Refer to Using wild cards for more information.

    • Select Computer by NetBIOS Name and specify the NetBIOS name for the computer or browse to the computer. Use AD-based rules for groups. NetBIOS membership rules are evaluated in real time and during Discovery. You can use a wildcard, but doing so increases server loading.

      Wildcard queries are resource-intensive on the DNS server; use this option only when you can't use Active Directory grouping. For further information refer to Using wild cards.

  5. Repeat to add any additional conditions and select OK.

  6. If you want to automatically discover computers that match the membership rules select Automatically discover computers every... You can set the discovery as frequent as every hour, intervals in between, or as infrequent as 1 week.

    Select Discover to perform an immediate discovery of computers.

  7. Select Submit to submit the changes to the rule.

  8. If required, expand the deployment group you have discovered computers for and select the Computers node.

    Details display about the discovered computers in the Computers work area.

    Using wild cards

    Asterisk (*) and question mark (?) wildcard characters are supported in groups. The asterisk represents one or more characters, and the question mark wildcard represents a single character.

    AD membership queries

    Management Center supports the use of a wildcard when querying for AD using Group or Container names. You can quickly search for similarly named AD groups within a single rule.

    Discovery rules that search for AD membership across multiple groups can result in high CPU utilization and impact the performance of the AD server. This issue will be heightened if the discovery polling frequency is high. As a result, wildcard use for AD membership rules generally is not recommended.

Actions

  • Edit Conditions - Displays the Edit Group Conditions dialog box allowing you to include and exclude conditions for computers, groups and containers.
  • Move Up - Moves the selected membership rule up in the evaluation order.
  • Move Down - Moves the selected membership rule down in the evaluation order.

  • Discover - Discovers computers and places the computers into the first group that has a matching rule.

    Only users with Server Administrator or Group Administrator permissions can execute the Discover action.

    Discovery Settings

    Automatically discover computers every [ ] - select to automatically discover computers from one of the following intervals:

    • 1 Hour
    • 4 Hours
    • 12 Hours
    • 24 Hours
    • 1 Week

Related topics

Deployment Groups

Security