Companies often split up Active Directory entities by creating multiple Organizational Units (OUs) or Active Directory Security Groups. A machine group in Security Controls can be configured to include specific organization units or Active Directory Security Groups from Active Directory. For example, you might create a machine group that includes all machines from the 'Sales' organizational unit. The machines in the OU will be automatically enumerated when the machine group is scanned.
Adding an Individual Organizational Unit
The easiest way to add an organizational unit to a machine group is as follows:
2.Select the Organizational Unit tab.
3.Type the name of the organizational unit in the Enter an individual OU name box.
An OU is added in full LDAP format. For example, to add the Sales OU from the domain example.com, the format is 'ou=sales,dc=example,dc=com'. If you specify a parent OU, all children OUs will be included in the scan.
4.Choose whether you will allow SSH server connections to the machines in this organizational unit.
The SSH protocol may be used when the console initiates a connection with the specified machines. The primary use cases are when a power status scan or a push installation of an agent are initiated from the console to a Linux machine. Security Controls does not currently support the use of SSH server authentication, so unless you are certain that the specified machines are trusted and safe, you should choose to block SSH server connections. For more detailed information, see the SSH Authentication topic.
Importing OUs from an External Source
Browse Active Directory
This button opens a separate dialog that lists the contents of your Active Directory network. Locate the organizational units and/or machines you would like to add to the custom group, place a check mark in the desired check boxes, and then click Add checked items.
When organizational units are added, the new entries are displayed within the bottom portion of the machine group pane.