The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.
Hello Community,
Flexera in the latest release , have a new feature where you can create reports based on ad groups and allocate that report to a license.
In the past we used powershell scripts to gather the users and the with business adaptor to allocate or deallocate the users.
The question is, do the new feature from Flexera work with nested groups? Because the customer have nested groups in AD, and this is a big problem.
Thank you for your support and I wish you a nice day.
Mar 15, 2024 08:50 AM
The allocation of users will take place based on them being direct members of the AD group. I.e., the functionality will not interrogate nested AD groups in this context. (I'm not sure if that fits your use cases in context of "...work with nested groups" or not...)
Thanks,
Apr 02, 2024 01:44 AM
Hello Adrian,
I confirm What John say, Level 1 AD groups to users link have been used for the AD Group Object.
Going through nested groups was a nightmare performance. Another reason we did not reflect nested groups is that there is an option, group per group, to inherit rights from parent groups. Not sure how we can manage this.
I just checked... and we did not document this in the feature announcement https://docs.flexera.com/fnms/EN/Features/index.html#FeatureList/2023R1-3/RN-new-ADGrpObject.html
Apologies for this.
Best regards,
Nicolas
Nicolas Rousseau
Apr 02, 2024 05:20 AM - edited Apr 02, 2024 05:22 AM
Hi Nicolas,
it's really a great feature, but how about device license and allocation by reports?
Seeking for analogy, I would assume that I simply can create the device report, based on the security group in AD, but in the current config it seems to be impossible. When I select Inventory device object in the Report Builder, I cannot select AD Groups later on.
Is there anything we can do to overcome this problem? AD groups *for devices* would be beneficiary for automated allocation and exemption.
Best regards,
Piotr
Apr 19, 2024 06:03 AM
Hello @piotrmichnowski ,
That's true AD groups for devices have not been investigated. It would be good to open an idea on that. I just checked and the data is already stored in the FNMSCompliance tables and would have personally no issue creating the link between Inventory Device and AD Group as a reporting Object if you are on premise... I created the code for the user AD groups, this should be fast.
This will open to the possibility of Intelligent Allocations, Exemptions or Restrictions for devices using their AD Group (level 1) membership.
Happy to discuss this if you want by email nrousseau@nrsamconsulting.com.
Best regards,
Nicolas
Apr 22, 2024 05:36 AM
My context is FlexeraONE.
I've created the workaround - device report which is referring (indirectly) to the security group.
Since in current setup the only possible relationship with AD Group is for user, I used the Calculated user as a proxy. Now the structure is as follows:
First object needs to be Inventory device, then:
Using this trick, I'm selecting machines to be automatically exempted from some licenses.
But definitely, the possibility of using the security groups directly, when the group members are computers and not users, whould make this story much easier - I'm eagerly waiting for such feature in FlexeraONE.
Best reagards,
P
Apr 24, 2024 02:23 AM
Thanks @piotrmichnowski ,
I would have expected computers security groups to be different from user's one (but I have never administrated users and computers in AD). I am glad the (calculated) user's AD groups can be of use.
Thanks for sharing.
Apr 26, 2024 05:42 AM
The idea should be pretty simple: in AD security group you may keep different objects, and sometimes it makes sense, but in essence we would like to keep:
Naturally, it's only quite simplified approach, but could be enough to automate allocation and exemption processes quite heavily.
Perhaps we simply need to create the feature request in FlexeraONE.
Best regards,
Piotr
Apr 26, 2024 06:23 AM