I've been asked to push some accounting software to our accountants. The only place this list of users is defined is in a global Security group called Accountants. The users are in different OUs based on their geographic location. I had hoped KACE would be able to associate the users with their machines and target that way.
How can I use this list of users to target them for a Managed Install?

I tried an LDAP label like this:
Type: Device
Base DN: DC=company;DC=net
Advanced Search: samAccountName=Accountants

This label applied to every machine as it checked in.

Also tried
Type: User
Base DN: CN=Accountants,OU=Houston-Security Groups,OU=Houston,OU=Region - GC,DC=company,DC=net
Advanced Search: (samaccountname=KBOX_USER_NAME)

This applied to every user (3 tested, member and notmember of Accountants), and they had to log into the K1000 web to apply the label.
Answer Summary:
2 Comments   [ - ] Hide Comments


  • I have a similar setup, not sure what KACE is. but Using RPC I can tell any workstation to start an install or copy a file etc.
  • I have been following a few related KACE questions regarding the tie between AD users and their PC's in the K1000. From what I'm observing is, the users don't populate the LDAP label unless they log into the K1000. Is that correct? If so, there has to be a better way while the plumbing is in place!
Please log in to comment

Answer Chosen by the Author



I use an LDAP label to identify what PCs my IT Staff are logged into. You were on the right track with the device label, but your filter needs to be based on the user name.

It would look something like this:

Type: Device
Base DN: DC=company,DC=net
Advance Search: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=Accountants,OU=Houston-Security Groups,OU=Houston,OU=Region - GC,DC=company,DC=net))

Answered 09/11/2015 by: BHC-Austin
Fourth Degree Black Belt

  • Imagine my surprise when a year and a half later I decide to revisit this problem and find my own post.

    I get the expected user list when I do the memberOf search in LDAP Browser and thought I was gravy, but ALL devices started getting tagged in it after check in.

    LDAP Browser gives no results when I add the &(sAMAccountName=KBOX_USERNAME). Hrm.

    EDIT: I found https://support.quest.com/kace-systems-management-appliance/kb/112277 and see the KBOX variable is necessary but must be changed for testing. WIP.
Please log in to comment
Answer this question or Comment on this question for clarity


Did you try gpo on computer policy, with software package deployed from file share?
Answered 09/10/2015 by: okador
White Belt

Please log in to comment