Service Manager powered by HEAT

Running an Active Directory Scan

•About Active Directory Scans

•Scanning the Network for Computers Not Being Audited

•Other Discovery Methods

About Active Directory Scans

After you install a gateway, you can use the Active Directory scan option to scan the network for computers that are not audited. For information about gateways and how to install them, see Managing Gateway Workspace Settings.

Before performing the Active Directory scan, make sure to open the network ports for the gateway to communicate effectively with the domain controller. In your firewall settings for the service, enter port 53, and select the option UDP (for DNS) or TCP protocol. To manually open ports in your Internet connection firewall, refer to operating system help.

Scanning the Network for Computers Not Being Audited

1.Log in to the Service Desk Console as a ISM Discovery Manager.

2.Open the Gateway workspace.

3.Click Scan Active Directory.

4.At the prompt, click Yes.

The system creates an agent task for the gateway. After the gateway receives the task, the scanning process starts.

When the scan finishes, the computers that are not audited are listed. The following types of machines are discovered: CI.Workstation and CI.Server.

After the agent is deployed, as described in Deploying Agents to Other Computers, types of CI.VirtualWorkstation and CI.VirtualServer are detected. Remote scans also detect virtual workstations and servers.

If the system does not detect the configuration item type or operating system, it is identified as an unknown device. See Viewing Discovered Assets and Changing the Type.

When the system discovers a configuration item, the system populates the Task Type column of the Agent Tasks tab.

Agent Task Type

Other Discovery Methods

Apart from the Active Directory scan, the other discovery methods are SCCM, LanProbe, Netscan, remote, user created, self registered (for gateway and client installations), and terminal sessions.

From time to time, computers might be added to the network. If LanProbe is enabled, new computers are discovered automatically. If LanProbe is not enabled, you must run another Active Directory scan in order to discover them. Or, if LanProbe is not enabled on the inventory setting, you can use the Turn off lanprobe and Turn on lanprobe quick actions to enable LanProbe for certain machines and disable it later. For more information, see How HEAT Discovery and Inventory Auditing Work.

After you generate a list of computers that are not audited, you can manage these computers by deploying an agent to them (see Deploying Agents to Other Computers) or by auditing them remotely (see About Running Agentless Audits).