Business article search

Create a task to sync ESET Remote Administrator with Active Directory (6.x)

Issue

  • A synchronization task is required to synch the ESET Remote Administrator (ERA) Virtual Appliance or ERA for Linux with Active Directory
     
  • If automatic synchronization fails in ERA for Windows Server, you can use a task to sync ERA with your Active Directory
     
  • Configure communication between your ERA Virtual Appliance and your existing Active Directory.
     
  • No agent icon next to computer name and inability to push install

Solution

Prerequisites

For the Active Directory (AD) sync task to run effectively, it is important that all AD objects that will be synced and their corresponding DNS and reverse DNS records are correct on all servers. Any inconsistency in these items can result in incorrect sorting of AD objects or excess AD objects being placed in the Lost and Found group.

Solution

  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click Admin Server Tasks Static Group Synchronization and then click New.

Figure 1-1
Click the image to view larger in new window

  1. Type a Name for your new task into the appropriate field and select Static Group Synchronization (selected by default) from the drop-down menu. We recommend that you select the check box next to Run task immediately after finish for the fastest response time.

Figure 1-2
Click the image to view larger in new window

  1. Expand Settings and click Select under Static Group Name. Select the static group that will receive new computers and users from Active Directory and then click OK.

Figure 1-3
Click the image to view larger in new window

  1. In the Server Connection Settings section, type the following information into the corresponding fields:
    • Server: Type the Servername or IP address of your domain controller.
       
    • Login: Type the login credentials for your domain controller in the format DOMAIN\username.

      Type the domain and username in all caps

      Be sure to type the domain and username in all caps, as Linux systems require this formatting in order to properly authenticate queries to an Active Directory server.

    • Password: Type the password used to log on to your domain controller.

Figure 1-4
Click the image to view larger in new window

  1. Select the check box next to Use LDAP instead Active Directory.
     
  2. The LDAP Parameters settings will be displayed. Click Custom next to Presets and select Active Directory.

Figure 1-5
Click the image to view larger in new window

  1. Select the check box next to Use Simple Authentication.

    Computer Description Attribute field in ERA 6.5

    The Computer Description Attribute field is available when configuring LDAP. Only attributes of the type Directory String can be used.

    Attribute Example
    dNSHostName windows10.admin.mydomain
    cn WINDOWS10
    name WINDOWS10
    operatingSystem Windows 10 Enterprise N
    operatingSystemVersion 10.0
    sAMAccountName WINDOWS10$
    servicePrincipalName windows10.admin.mydomain
    description Default container for upgraded computer accounts

     

  2. Click Browse next to Distinguished Name. Your Active Directory tree will be displayed. Select the top entry to sync all groups with ERA, or select only the specific groups that you want to add. Click OK when you are finished.

Figure 1-6
Click the image to view larger in new window

  1. Click Finish. Your new task will be displayed in the list of tasks on the right and will run at the time you specified.


Was this information helpful?