Job Management Partner 1/Software Distribution Administrator's Guide Volume 1

[Contents][Glossary][Index][Back][Next]

3.4.2 Extracting the information needed for setup

This subsection describes how to export from Active Directory the information needed to create a map file and a parameter file and how to extract the required information.

Organization of this subsection
(1) How to extract the information whose specification is mandatory
(2) How to extract optional information

(1) How to extract the information whose specification is mandatory

This subsection describes how to extract from Active Directory the information whose specification is mandatory. Because the information to be extracted depends on the desired information, you must evaluate the range of information to be acquired from Active Directory beforehand.

The following table shows the information whose specification is mandatory, whether the information is specified in the map file, and the tag names to be specified in the parameter file.

Table 3-2 Information whose specification is mandatory

Information to be specified Whether the information is specified in the map file Tag name to be specified in the parameter file
Connection ID -- ID
Domain name -- DOMAIN
Target group's DN#1 -- GNAME
DN for the OU to which the target group belongs#1 -- GOU
DN for the OU to which the target computer belongs#1 -- COU
DN for the OU to which the target user belongs#2 -- UOU

Legend:
--: Specification is not necessary.

#1: At least one of these information items must be specified.

#2: Specified in order to acquire user information.

You use the LDIFDE Windows standard command to export Active Directory information. Because execution of the LDIFDE command with no options specified results in output of a large amount of information, you should execute this command separately for each information item that is to be output.

To export Active Directory information by using the LDIFDE command:

  1. Log in with the administrator role to the computer where Active Directory is running.
  2. Execute the following command to output the connection ID information:
    ldifde -u -p Subtree -r "objectclass=user" -l dn -f out1.txt
    The -u option outputs the information in UTF8 character encoding. This option must be specified.
    The following information is output to out1.txt:
    dn: CN=Administrator,CN=Users,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: CN=Guest,CN=Users,CN=Users,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: CN=User01,OU=Domain Controllers,CN=Users,DC=Sample,DC=co,DC=jp
    changetype: add
    :
    :
    The administrator's ID is specified for the connection ID. In this example, CN= Administrator,CN=Users,DC=Sample,DC=co,DC=jp is specified as the value of the connection ID (ID tag) in the parameter file.
  3. Execute the following command to output the domain name information:
    ldifde -u -p Base -l dn -f out2.txt
    The following information is output to out2.txt:
    dn: DC=Sample,DC=co,DC=jp
    changetype: add
    In this example, dn: DC=Sample,DC=co,DC=jp is the value of the domain name (DOMAIN tag) in the parameter file.
  4. Execute the following command to output DN information for the group for which directory information is to be acquired:
    ldifde -u -p SUBTree -r "(objectclass=group)" -l dn -f out3.txt
    The following information is output to out3.txt:
    dn: CN=Managers,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: CN=Group01,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: CN=Group02,DC=Sample,DC=co,DC=jp
    changetype: add
    :
    :
    If information about the Managers group is to be acquired, dn: CN=Managers,DC=Sample,DC=co,DC=jp is the value of the DN (GNAME) for the target group in the parameter file.
  5. Execute the following command to output DN information for the OU to which the group, computer, and user for which directory information is to be acquired belong:
    ldifde -u -p SUBTree -r "(objectclass=organizationalUnit)" -l dn -f out4.txt
    The following information is output to out4.txt:
    dn: OU=Groups,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: OU=Software_Division,DC=Sample,DC=co,DC=jp
    changetype: add
    dn: OU=Headquarters_A,OU=Software_Division,DC=Sample,DC=co,DC=jp
    changetype: add
    :
    :
    For example, if information about the Groups group is to be acquired, dn: OU=Groups,DC=Sample,DC=co,DC=jp is the value of DN (GOU tag) in the parameter file for the OU to which the target group belongs.
    If computer information for Software_Division is to be acquired, dn: OU=Software_Division,DC=Sample,DC=co,DC=jp is the value of DN (COU tag) in the parameter file for the OU to which the target computer belongs.
    If you acquire user information, specify DN for the OU to which the target user belongs in the UOU tag in the parameter file.

(2) How to extract optional information

This subsection describes how to extract optional information from the Active Directory information. You extract optional information by using the LDIFDE command to export the Active Directory information. The following table lists the optional information, whether the information is specified in the map file, and the tag name to be specified in the parameter file.

Table 3-3 Optional information items

Optional information Whether the information is specified in the map file Tag name to be specified in the parameter file
Attribute name used by the user for assignment between user and computer -- USRKEY
Attribute name used by the computer for assignment between user and computer -- COMKEY
Attribute name for the item to be acquired from the user Y USRATTR
Attribute name for the item to be acquired from the computer Y COMATTR
Attribute name for the item to be acquired from OU Y OUATTR
Attribute name for the item to be acquired from groups Y GRPATTR

Legend:
Y: Can be specified.
--: Specification is not necessary.

To identify an attribute name (COMKEY) used by the computer for assignment between user and computer:

  1. Execute the command shown below to output the administrator's computer information.
    In this example, the administrator's computer name is dmp001.
    ldifde -u -p Subtree -r "cn=dmp001" -f out5.txt
    The following information is output to out5.txt:

    Figure 3-58 Example of output result by the LDIFDE command

    [Figure]

  2. Check the computer on which the administrator has been set (do this in advance).
    In this example, the name of the computer on which the administrator has been set is dmp001.
  3. Search the file that was exported by the LDIFDE command for the data whose dn includes dmp001.
    See Figure 3-58.
  4. In the Properties dialog box on the computer, check the administrator's name in Active Directory.
    In this example, the administrator's name is AD.CO.JP/USERS/Jones.
  5. Search the file exported by the LDIFDE command for the data that contains Jones.
    See Figure 3-58. Because Jones is set for the managedBy attribute name, the attribute name of the administrator's name for the computer can be identified as managedBy. Specify this value in the COMKEY tag in the parameter file.

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2013, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.