Some users may have issues creating a community account. For more information, please click here.

What Active Directory data elements are imported by FlexNet Manager Suite?

What Active Directory data elements are imported by FlexNet Manager Suite?

Summary

What are the default Active Directory elements that are imported by FlexNet Manager Suite when using the out of the box importer?

Discussion

When using the default Active Directory Import with FlexNet Manager Suite what are the elements that are imported and used?

The following user information is imported by Active Directory:

  • Username
  • SAM account name
  • User domain

In addition the following infrastructure information is imported:

  • Sites & subnets
  • Computers
  • Groups

Additional Information

The default Active Directory import will not import information such as the user's manager, email address or location etc. Properties such as these can be imported using a business adapter.

Labels (1)
Was this article helpful? Yes No
No ratings
Comments

Hi,

is it possible to add new elements in the standard Active Directory import because we would have the status about user and computer objects imported from AD to see it in FNMS ?

Reason:

Compare only active computer from AD vs. computer from Inventory

Compare only active user from AD vs. FNMS operators who are active in FNMS

 

THX for same feedback ....

 

@heiko_fuchs2 - You can bring in additional attributes from Active Directory by with a Business Adapter that connect to AD and extracts the additional attributes with an LDAP query.  For example, the user 'Status' from AD can be imported with a Business Adapter to match to existing Users in FNMS to update the user 'Status.

@kclausen  where is the computer information extracted from AD are used within FNMS

 

As per my understanding, the inventory tab only shows the information collected from agents from multiple sources FNMS, SCCM,.....

The information regarding Active Directory Computer accounts is stored in the ComplianceInventory database and is currently not shown anywhere within the user interface.

@kclausen  I could not find ComplianceInventory in our DB would you please help me to navigate to find the DB.

Also, will any of this information extracted from AD will be considered for inventory reconciliation or license reconciliations.

@raghuvaran_ram - The database name should be something like "FNMSInventory".

Information extracted from AD is not used in any license reconciliation activity as AD does not provide any details around Hardware or Software Inventory.  You need agent-inventory for that to work (SCCM, BigFix, FNMS Agent, etc.)

@kclausen  it will also not have any impact on the inventory (device) collected from an agent, is that right?. in our estate the primary input is from SCCM and FNMS agent so any new asset that is not part of these 2 agents will not be added to the inventory and it will not show us in the UI?

@raghuvaran_ram - You are correct.  Until a computer receives the SCCM or the FNMS Agent, they will not appear within FlexNet Manager as an inventory device.

Hi, I have a quick question here,

Question1: What is the purpose of computer data being imported into FNMS from AD? and again AD data should be in FNMSCompliance DB right? FNMSInventory should be for the Inventory data coming over Agents.

Question2:  Is there any configuration in FNMS that if data(Computer) in SCCM is removed post some time, the same records in FNMS will be deleted?

Thanks in Advance,

Srikanth Mallampati

hi @srikanth_m ,

you may please refer to the KB article which might clarify your question2

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Is-it-possible-to-keep-inventory-rec...

Regards,

@srikanth_m - a key reason that computer details are imported from Active Directory is so that FlexNet Manager Suite can automatically delete old inventory data associated with any computer that is deleted/disabled in Active Directory.

Similar, if a computer is deleted from an SCCM database that FlexNet Manager Suite is importing from then those computer details will be deleted from FlexNet Manager Suite as part of the next import process.

Hi,

 

The default SCCM importer will also only import the information referenced above and can also be customised to bringing in additional attributes if required.

- What exactly do you mean by this statement? Are you saying that SCCM imports default user information into FNMS along with the Inventory information apart from AD? If yes, what all other sources can import User information into FNMS and what unique parameter does all those imports look while creating a new user if not already present? How can we remove the duplicate users if already created and how can we make sure in future duplicates wont be created? How to check in UI or backend(SQL) from which source did a User is created?

Thanks in Advance!

Regards,

Srikanth,

@srikanth_m - yes: the default integration with SCCM imports user name, domain and SAM account name details for users that have been discovered by SCCM. This data is sourced from the user_disc table in the SCCM database. Other inventory sources also have user information which may be imported, although the details of what is available will vary by source.

Generally you shouldn't end up with duplicate user records if you import data from multiple sources and key properties on the user records match. However if you are importing from multiple sources that logically contain data about the same user, but key properties for the user don't match, then you could end up with records that are logically duplicates of each other. For example, maybe one source identifies users by SAM account name and other sources identifies them by email address - when importing the data the system wouldn't be able to match up the two data sets. In that situation you may need to review where you get getting user data from and ensure the sources can provide data that can be matched up to each other.

Is AD integration Mandatory when we do Data center licensing using FNMS? can we restrict the data being gathered from AD only to infra level information like domain, site & Subnets and group?

@winvarma - This cannot be changed. 

Besides, even if you are only focused on the Data Center you have user-based licensing that must be tracked.  For example, for Microsoft MSDN if there is a dedicated DEV server, you need to assign that server to an MSDN user so that the software installed is consumed against the MSDN license.

You also have CALs and other user-based access licensing that requires User Accounts to calculate license consumption.

Version history
Revision #:
3 of 3
Last update:
‎Jul 22, 2021 08:39 PM
Updated by:
 
Contributors