Is there ever going to be a way to limit what is imported from AD? We have Dealer Accounts and Customer Accounts in our AD that don't need to be in FNMS. We also have Conference Rooms in AD. All of these are being imported, and make our All Users very large. If we could have a way to import just valid users (we do have a way of identifying these Customers & Dealers and Conference rooms), it would be so much better.

While we import all of the user accounts - you can blacklist accounts in your Settings. Just be careful and test your wildcards - for instance underscore (_) is a wildcard for a single character. At this time FNMS does not support a mechanism to "escape" that and enforce a blacklist to include the underscore (_).

If you are using FlexNet Manager Suite On-premises (not Cloud) then one approach would be to look at customizing the queries in the "users" ImportProcedures reader(s) for your data source(s) so that accounts you don't want get skipped from being imported.

As customization, this comes with all the consequential beneficial power of having control over data, but with associated drawbacks like needing appropriate skills to develop and maintain this type of thing.

Hi Chris,

I am wondering what about maintenance? I know compters are removed out of FNMS if they are removed from AD.

But does that also happen for users? I believe not.

Regards

Ronald

@Ronny_OO7 

That's correct, users are currently not maintained the same way and are not deleted from within FNMS based on AD removal. (There are use cases that would be good reasons for keeping their historical records in FNMS...)

Thanks,

Thanks John,

That is not what support is stating:

The way it works, is that the beacon pulls users and computers from AD, during the AD import process. (you can see what it brings over by disabling the upload tasks on the beacon, then running the AD import rule, and check the actdir.gz) 
This is then imported into the inventory db under tables starting with AD (i.e. ADcomputers, ADusers) During the reconcile process it reads the data from the AD tables and puts them into the Imported tables (i.e. importedusers). Then after that during the writer process of the reconcile, it merges data from other data sources (i.e. SCCM) into a single user record within the compliance tables 

Now what is supposed to happen, when you remove the user from a data source it is supposed to remove from FNMS, however if the user has multiple data sources it will not be removed from FNMS. 
easist way to check is to check the importedUser table and see what connections are creating that record 

  That is the reason I like to know the exact details.

Once a user is imported from AD and also removed from AD it should be removed. But if this user is also listed in SCCM or other data source. The user is not removed?
So how do we remove these users then? And why doesnt fnms remove these users?

 

@Ronny_OO7  - Yes, Users work differently than Inventory Devices.  If you truly want FNMS to delete a "user", then that user must be deleted from every inventory source that it appears (such as SCCM).  

Your other option (similar to an Inventory Device), is to change the status of the User within FNMS to a status of "Inactive".  Inactive users do not consume against a user-based license, even if they are allocated.