Has anyone actually mapped out Active Directory with Service Mapping?

jasonbrough
Kilo Expert

As per above. If so, please share any information on how you did it. Thanks


TrevorK
Kilo Sage

I'm not sure if it will help, but we mapped out our Active Directory OU structure in our CMDB using relationships with our LDAP connection (so it's updated automatically):





This allows us to log changes against the OUs, assign ownership to them, have an approval structure, etc. This is necessary for our next step, which is to pull back permissions in AD and force users to do their creation/modification of accounts/objects within SN. With the OU structure mapped out we are able to automate things like approvals.



I guess if you have already purchased the licensing to do Service Mapping then my post is probably useless - you would most likely use the tool you paid for. We have a hard time purchasing that licensing because, for our environment, we already have many tools that do this already for us and we just integrate with them to bring it into SN.
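As an added example that is not part of the original post or ServiceNow's own code: one way to turn the `distinguishedName` values an LDAP import returns into the parent/child OU pairs that relationship records need. The sample DNs and function names are constructed for illustration, and writing the pairs into the CMDB is left out because the thread does not say which tables were used.

```javascript
// Constructed sample DNs (assumption), not data from the thread.
const SAMPLE_DNS = [
  'OU=Servers,OU=IT,DC=example,DC=com',
  'OU=Workstations,OU=IT,DC=example,DC=com',
  'OU=Sales\\, EMEA,OU=Business,DC=example,DC=com', // OU name contains an escaped comma
];

// Split a DN into RDNs on unescaped commas only (RFC 4514 writes a literal comma as "\,").
function splitDn(dn) {
  const parts = [];
  let current = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) {
      current += ch + dn[i + 1]; // keep the escape pair intact
      i++;
    } else if (ch === ',') {
      parts.push(current);
      current = '';
    } else {
      current += ch;
    }
  }
  if (current !== '') parts.push(current);
  return parts;
}

// Parent DN of a DN, or null when there is nothing above it.
function parentDn(dn) {
  const rdns = splitDn(dn);
  return rdns.length > 1 ? rdns.slice(1).join(',') : null;
}

// De-duplicated parent/child pairs for every OU level found in the input DNs.
function ouRelationships(dns) {
  const edges = new Map();
  for (const dn of dns) {
    let child = dn;
    while (/^OU=/i.test(child)) { // walk upward until the domain (DC=) is reached
      const parent = parentDn(child);
      if (parent === null) break;
      edges.set(parent + ' -> ' + child, { parent, child });
      child = parent;
    }
  }
  return [...edges.values()];
}
```

Splitting on every comma would cut the third sample OU in two and attach it to a parent that does not exist, which matters when ownership and approvals hang off the resulting hierarchy.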


Thanks Trevor. I was wanting to map out the hosts within AD rather than the OU structure but I like what you have above. Was this done via the LDAP integration?


Yeah - we did it with the LDAP integration. You could also map out your computer objects the same way, but I would think you want more (different) information on them that AD itself cannot provide. If all you want to do is toss them into the CMDB so you can log things against them, great. But we wanted more detail, and we wanted to be able to relate things like our virtual servers to their cluster.



We map out our computer objects differently - we built an integration with VMware to map them out and relate them manually to our business services. It seems like a lot of manual work, but it's not (VMware knows the relationships, so we just use that info). And it allows us to capture relationships that I do not think any tool could - for example, you can see some of our custom SN apps below (Animal Health Request, DCICE Request, ODS Request, etc.).



I'm not sure if every company is the same as ours - but we have so many tools that already discover and track items (routers, switches, VM hosts, physical machines, etc.) that we thought - why reinvent the wheel? Why not just bring in this information rather than go out and try to duplicate what is already done?



Again, if you have already purchased the licensing to do the service mapping I can see you saying "I don't care, SN will do it" and that's perfectly fine. We just chose a different path because of the huge expense to do the discovery tool and what seems like, to us, the need to still do some manual mapping.



Here's our MID server map:




Hello Trevor

This is good information. Our customer also has a similar requirement.

Can you tell me which CMDB tables you have mapped the OU information to? (For example: Ad Ou Structure, etc.)

And which object of Active Directory did you map to create the OU?

And how did you link the user to the OU automatically via AD integration?