Basically, if a user requests access which is provisioned by an active directory group that does not require an approval, can Kace put that group onto the End User's AD account automatically? And if so, what application/package (IE Service Desk) does that?

0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



It's not an automatic process. You would either have to schedule LDAP imports or the account would update the next time the user logged into the K1000.



Answered 09/04/2013 by: jknox
Red Belt

  • Thank you jknox...by chance would you know what part of Kace could be used for this? Would it be the Service Desk part?
  • jknox, I think what he's asking is if KACE can add members to an AD group... to which the answer, I believe is, no... KACE can only do LDAP queries to request info FROM the AD. So your answer would certainly apply after the user is added to the group on the AD side, but it seems he's looking for a way to automate the AD side of things.

    That being said, you could write a VBS or Powershell script to automate adding a user to a particular group... the trick would be figuring out how/where to execute it from since it would have to be run as a user with rights to modify Domain Groups
    • Whoops, not enough caffeine this morning apparently. Missed that part.

      LDAP is read only from the K1000. Any changes would have to be made on the LDAP server itself.
      • Could this be done by using a custom mysql rule and script?
Please log in to comment