In AD computers are separated by departments.

I created an LDAP label for each department OU.

Search Base: OU=HR,DC=hq,DC=com
Search Filter: (objectclass=computer)

When I test the label I get the results I intended on (43 computers). I enabled the LDAP label and noticed that it was populating with all the computers in my organization instead of the 43 computers in the specific OU. What am I doing wrong?
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


The KACE knowledge base article may help you with the syntax
Answered 02/12/2011 by: KevinG
Blue Belt

Please log in to comment
Took a look at the KB you linked. I am still having trouble...

According the the KB this is the correct syntax. The test query runs with out error but produces no results.


"NOTE: To test your Filter, replace any "KBOX_" variables with real values. Press the Test LDAP Filter... button and review the results"

b) I replaced "KBOX_COMPUTER_NAME" with * and saw all the computers in the HR container.
c) I replaced "KBOX_COMPUTER_NAME" with computername and see the specific computer.

When using the filter (a) the LDAP filter does exactly what the test shows. No computers get labeled.
When using filter (b) I encounter the original issue. All the computers in my organization receive the label. even though the test query produces the correct results (43 computers).
Answered 02/13/2011 by: tsg
Senior Yellow Belt

Please log in to comment
I have a feeling that using LDAP labels with machines is going to force you to wait until these 43 systems check-in before the label is applied. This is similar to the way LDAP user labels work - the users must login to the KBOX before the LDAP filter is applied against the account. The way you have it written is almost correct. Try this:

Answered 02/14/2011 by: airwolf
Tenth Degree Black Belt

Please log in to comment
airwolf is correct, every LDAP filter must contain one of the KBOX_* variables or else it will be applied to every (or none) object it is evaluated against because the search will always be true (or false)
Answered 02/14/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment

This LDAP label is working!
Thank you to everyone who posted solutions. I was confused why the test query was running successfully but now showing any results. I now understand that the KBOX_ variable populates with a computer name when the query is executed on check-in.
Answered 02/14/2011 by: tsg
Senior Yellow Belt

  • Most helpful part for figuring out my configuration issues: "when the query is executed on check-in." Thank you!
Please log in to comment