Role Availability | Read-Only | Investigator | Analyst | Manager |
To effectively manage your Microsoft Windows systems, USM Anywhere can perform scans through an Active Directory (AD) Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. server to collect inventory information. When you configure your VMware Sensor, Microsoft Hyper-V Sensor, or Microsoft Azure Sensor, you can define the credentials that USM Anywhere will use to perform AD scans through the sensor. When you configure these credentials, USM Anywhere performs an initial AD asset scan. You can also schedule a job to perform scans through the Active Directory Scanner and collect updated information about the assets managed by your AD server. The scan returns information for each computer in the AD domain in the following format:
Name : WIN2K12-DC
DistinguishedName : CN=WIN2K12-DC,OU=Domain
Controllers,DC=ECORP,DC=local
DNSHostName : WIN2K12-DC.ECORP.local
OperatingSystem : Windows Server 2012 R2 Standard
OperatingSystemServicePack :
OperatingSystemVersion : 6.3 (9600)
IPv4Address : 10.20.30.15
The Active Directory Scanner runs a PowerShell (version 5.1 or later) command through Windows Remote Management (WinRM) (version 2.0 or later). See Granting Access to Active Directory for USM Anywhere for information about configuring the AD server to allow access for USM Anywhere,.
To schedule an AD scan job
- Go to Settings > Scheduler.
- In the left navigation menu, click Asset Scans.
-
On the right side of the page, click Create Scan Job.
This opens the Schedule New Job dialog box.
-
Enter the name and description for the job.
The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.
-
Select Sensor as the source for your new job.
-
In Action Type, select Active Directory Scanner.
-
If you have more than one deployed USM Anywhere Sensor, select the sensor you want to use to run the scan.
This should be the sensor that is associated with the asset that you want to specify as the target.
-
In App Action, the Get Active Directory Asset Information option is already selected.
-
Specify the asset that you want to use as a target for the action.
You can enter the name or IP address of the asset in the field to display matching items that you can select. Or you can click Browse Assets to open the Select Asset dialog box and browse the asset list to make your selection.
-
In the Schedule section, specify when USM Anywhere runs the job:
-
Select the increment as Minute, Hour, Day, Week, Month, or Year.
Warning: After a frequency change, monitor the system to check its performance. For example, you can check the system load and CPU. See USM Anywhere System Monitor for more information.
-
Set the interval options for the increment.
The selected increment determines the available options. For example, on a weekly increment, you can select the days of the week to run the job.
Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.
-
Set the start time.
This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time [UTC]).
Important: USM Anywhere restarts the schedule on the first day of the month if the option "Every x days" is selected.
-
- Click Save.