Is there a walkthrough for mapping Active Directory that someone else has successfully followed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2017 03:41 PM
Is there a walkthrough for mapping Active Directory that someone has successfully followed?
I'm trying to get AD Forest, OUs, AD objects into cmdb.
I've been to the following and been unsuccessful:
https://community.servicenow.com/thread/165690
Thanks.
- Labels:
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-22-2017 07:58 PM
We map out our Active Directory OU structure using the CMDB. We essentially import all of the OUs through the LDAP import. When we complete the import we run a script that builds out all the relationships.
Because the Distinguished Name contains the hierarchy of the OU we are able to just split it - the first entry is the OU itself and the entry before is the OU that is a parent (with the logic to figure out which one is at the root of course). So after we import all the OUs we just build out the relationships ourselves.
I'm not sure all what objects you are looking to bring in, but the LDAP import will allow you to bring in any object you want. With the Distinguished Name you have everything you need to map out a hierarchy. You use the LDAP Target to specify the object class like this: (objectClass=organizationalUnit)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-23-2017 01:00 AM
HI Russel,
Earlier one of our customer mapped out our Active Directory OU structure in our CMDB using relationships with our LDAP connection (so it's updated automatically):
This allows us to logs changes against them OUs, assign ownership to them, have an approval structure, etc. This is necessary for our next step, which is to pull back permissions in AD and force users to do their creation/modification of accounts/objects within SN. With the OU structure mapped out we are able to automate things like approvals.
I guess if you have already purchased the licensing to do Service Mapping then my post is probably useless - you would most likely use the tool you paid for. We have a hard time purchasing that licensing because, for our environment, we already have many tools that do this already for us and we just integrate with them to bring it into SN.
Thanks,
Aditya Telidevara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-24-2017 08:22 AM
Why are you putting these into the CMDB?
To manage change to configuration items:
AD users - DN, memberof
AD groups - membership, DN, etc
AD group policy objects
AD Organization units
AD ACLs on objects, etc.
Thanks.