Hi, Once the original machine becomes obsolete in SCCM and is removed from the SCCM database by a maintenance task, it should also be deleted from FNMS during the the next Inventory import. Finding and deleting duplicate Inventory devices in FNMS is a common challenge. I'm attaching a SQL script that allows checking for duplicates based on the Serial Number. The script can be used for deleting computers if you Uncomment line #72 to make sure that duplicates are reported only Uncomment line #86 (EXEC ComplianceComputerRemoveBatch) to trigger the deletion of Inventories from the [ComplianceComputer] table As long as duplicate computer are still found in the SCCM Inventory source database, there is no point in deleting them from the [ComplianceComputer] table in FNMS. They would re-appear during the next Compliance import ... ... View more

Hi Jan, FNMS tries avoiding duplicate computer entries when importing inventory data from SCCM. The relevant code can be found in the "BuildRelevantComputerList" procedure that populates are temp table named #UniqueSMSComputers. The following code and comments can be found in the Computer.xml file that is part of the SCCM (SMS) reader: -- we need to check if there are obsolete computers in SCCM, -- but some databases do not have that column in them -- it looks like a service pack or feature install that -- creates this column. -- This will require the usual workaround of executing a string, so -- that SQL Server does not validate the schema and cause a failure on systems that -- do not have the column. -- this detects the presence of the column we need to use -- @Obsolete will be null when the column does not exist -- DECLARE @Obsolete int SELECT TOP 1 @Obsolete = 1 FROM INFORMATION_SCHEMA.COLUMNS AS c WHERE c.COLUMN_NAME = 'Obsolete0' AND c.TABLE_NAME = 'System_DISC' -- in the case of duplicate computer entries -- ignore the older version in this table. -- this will not affect software installs, because -- they only use machineID as the key IF @Obsolete IS NULL BEGIN EXEC ('INSERT INTO #UniqueSMSComputers (MachineID, InvDate) \ SELECT c.MachineID, MAX(c.TimeKey) as InvDate \ FROM Computer_System_DATA AS c \ GROUP BY c.MachineID') END ELSE BEGIN EXEC ('INSERT INTO #UniqueSMSComputers (MachineID, InvDate) \ SELECT c.MachineID, MAX(c.TimeKey) as InvDate \ FROM Computer_System_DATA AS c \ JOIN System_DISC AS s ON c.MachineID = s.ItemKey AND s.Obsolete0 = 0 \ GROUP BY c.MachineID') END As you can see, FNMS uses the [Computer_System_DATA].[MachineID] as well as the [System_DISC].[ItemKey] computer properties for duplicate checking.   ... View more

Hi "Captain Kirk", This seems to be a Flexera internal KB article that is not available even to users that are logged into the Community ... ... View more

Asking the obvious: Did you trigger a compliance import (reconcile) after doing the configuration change on the license? Triggering a quick reconcile from the FNMS Web UI (Menu "License compliance > Reconcile") without checking the "Update inventory for reconciliation" should be all that is needed for updating the consumption data on your license(s). ... View more

Hi, Not sure if I understand your requirement correctly. For the initial deployment of an agent only, you have specify one dedicated Beacon in the 'mgssetup.ini' (Windows) configuration file. Subsequently, when downloading the policy, Flexera agents will learn about all Beacons available. They have a built-in feature to automatically select the "best" Beacon based on various algorithms that you can pick from. This is described in Chapter #8 in the "Gathering FlexNet Inventory" document. In case you want to limit what Beacons an agent can communicate with, you can use the "ability to restrict FlexNet inventory agent communication" feature that has become available withFNMS 2019 R2. ... View more

Hi rahmanax, That is only partially true, unfortunately. The standard interface from FNMS into Active Directory (AD) will only import the "Full name" (CN), "Account name" (SAMAccountName) and Windows Domain user properties from AD. Any additional user properties like "countryCode" need to be added using a Business Adapter. It looks as if the "Employee ID" field shown in your screenshot is a not a standard user property in AD, but this will not matter for import. The field "Employee ID" does exist as a user property in FNMS. The topic of building a Business Adapter (MGSBI) for pulling additional user properties from AD has been discussed recently in this forum, like Multiple-AD-Integration and FNMS-Cloud-integration-with-Active-Directory. Talking about reporting, only the "Location" field can be displayed in the "Enterprise > Users > All Users" view by default. Getting a report on users that includes a column for both the "countryCode" as well as  for the "Employee ID" field would require some additional customization. As you are using the on-premises version of FNMS, you can build a report based on SQL and expose it to the FNMS Web UI. Flexera services or a qualified Flexera business partner should be able to help you with that. ... View more

As the standard FNMS AD interface does not import location, phone # etc, this sounds as if you did configure your own Active Directory integration using a Business Adapter (MGSBI). When configuring the AD integration (see attached screenshot) You import an object of type "Compliance Domain" before importing the "User" type object For the user object, you populate at least both the "Account Name" as well as the "Domain ID" property For the value for the "Domain ID", you use the "Domain_ID" value that is populated from the "Domain" object that you imported previously. For both the "Account Name" property as well as for the "Domain ID" property, the checkbox "Use this property for matching existing data" needs to be checked. This configuration will prevent AD users having the same sAMAccountName but coming from different Windows domains from overwriting their user properties, as both sAMAccountName as well as the name of the Domain need to match. ... View more

Hi rclark0, Are you using the standard FNMS Active Directory (AD) interface where the export is configured on the "Active Directory" page on a Beacon, or did you configure your own integration using a Business Adapter (MGSBI)? Which release of FNMS do you use? Also, can you clarify please if in the Active Directory instances that you are importing data from: There are users having identical sAMAccountName and different Windows domains, or There are users having identical sAMAccountName and identical Windows domain names If you have sampe AD users with overlapping names from different AD sources, could you check in the [FNMSCompliance] database in the [ImportedActiveDirectoryUser], [ActiveDirectoryUser] as well as in the [ComplianceUser] views if these users are distinct, please?   ... View more

Hi Kyle, Sounds as if you might be looking for some sort of "Single Sign-On Support"? In the FNMS SystemReference document, Chapter #10 (Page #332-350) deals with "Single Sign-On Support with SAML" and "Signle Sign-On Support with Google OAuth 2.0". ... View more

Hi Kyle, The following is explained by providers of SSL certificates, like by DigiCert: To check the revocation status of an SSL Certificate, a client connects to the URL of the Certficate Authority (CA) and downloads the CA's Certificate Revocation List (CLR). Then, the client searches through the CRL for the serial number of the certificate to make sure that it hasn't been revoked. So you need to know the URL of the Certficate Authority (CA). For the US FNMS Cloud and Cloud Beacons, the CA happens to be issued by DigiCert. The client needs to have access to all DigiCert SSL CLR IP Adresses. This list is available on the Internet. Basically, you need the firewalls to be reconfigured for allowing the local Beacon(s) access to DigiCert CLR IP Adresses. ... View more

Hi Abhilash, The reason why you are getting more users from the MGSBI Active Directory adapter compared to  the standard Active Director (AD) interface most likely is the 'User Blacklist' used for filtering users in the standard AD interface. You can see the list of black-listed user names in the FNMS Web UI under "(cogs) > System Settings > Users". This list contains account names available on any Windows computer, like 'Administrator' and 'Guest'. The list also contains generic accounts using the percent sign ('%') as a wildcard. You don't want these standard accounts to be counted as real users. In case you want to check the list of  AD users imported by your Business Adapter for Windows accounts to be filtered, you can run the following SQL statement on the staging table where you store users:  SELECT     [ComplianceUserID]    ,[UserName]    ,[SAMAccountName] FROM [ComplianceUser] cu LEFT JOIN [ComplianceDomain] cd ON cd.ComplianceDomainID = cu.ComplianceDomainID WHERE EXISTS (    SELECT 'x'    FROM [UserNameBlacklist] unb    WHERE cu.SAMAccountName LIKE unb.UserName      OR (cd.FlatName IS NOT NULL              AND (cd.FlatName + '\' + cu.SAMAccountName LIKE unb.UserName)) ) This statement assumes that you did import the users into tables named [ComplianceUser] and [ComplianceDomain] built like the original tables in the [FNMSCompliance] database, and that you have the black-listed users stored in a column [UserName] in a table named [UserNameBlacklist]. A quick word of warning: Be careful when replacing the FNMS standard Active Director (AD) interface by a Business Importer. The import process (compliance reader) relies on the standard [FNMSInventory].[ADUser] table being populated by the Active Director (AD) interface. Any users not found in the standard user table will be deleted from the users visible in the FNMS Web UI (stored in the [FNMSCompliance].[ComplianceUser] table) when running a compliance import. Customizing the SQL code used in the compliance import (READERs and WRITERs) might be an option when working in an FNMS on-premises environment. You don't have that option when working in the Cloud. The best practice approach for populating user data in FNMS would be: Use the standard Active Director (AD) interface for importing users from AD. This interface will import the "Full name"", Account name" and "Domain name" user properties only. Use a Business Adapter for augmenting the user information imported from AD with additional user properties, like "First Name", "Last Name" and "Email". ... View more