Software Deployment Question

Given an AD Security Group of 621 users, how can I target them with a Managed Install?

09/09/2015 3290 views

I've been asked to push some accounting software to our accountants. The only place this list of users is defined is in a global Security group called Accountants. The users are in different OUs based on their geographic location. I had hoped KACE would be able to associate the users with their machines and target that way.
How can I use this list of users to target them for a Managed Install?

I tried an LDAP label like this:
Type: Device
Base DN: DC=company;DC=net
Advanced Search: samAccountName=Accountants

This label applied to every machine as it checked in.

Also tried
Type: User
Base DN: CN=Accountants,OU=Houston-Security Groups,OU=Houston,OU=Region - GC,DC=company,DC=net
Advanced Search: (samaccountname=KBOX_USER_NAME)

This applied to every user (3 tested, member and notmember of Accountants), and they had to log into the K1000 web to apply the label.
Answer Summary:
2 Comments   [ + ] Show comments


  • I have a similar setup, not sure what KACE is. but Using RPC I can tell any workstation to start an install or copy a file etc.
  • I have been following a few related KACE questions regarding the tie between AD users and their PC's in the K1000. From what I'm observing is, the users don't populate the LDAP label unless they log into the K1000. Is that correct? If so, there has to be a better way while the plumbing is in place!

Answer Chosen by the Author


I use an LDAP label to identify what PCs my IT Staff are logged into. You were on the right track with the device label, but your filter needs to be based on the user name.

It would look something like this:

Type: Device
Base DN: DC=company,DC=net
Advance Search: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=Accountants,OU=Houston-Security Groups,OU=Houston,OU=Region - GC,DC=company,DC=net))

Answered 09/11/2015 by: BHC-Austin
4th Degree Black Belt

  • Imagine my surprise when a year and a half later I decide to revisit this problem and find my own post.

    I get the expected user list when I do the memberOf search in LDAP Browser and thought I was gravy, but ALL devices started getting tagged in it after check in.

    LDAP Browser gives no results when I add the &(sAMAccountName=KBOX_USERNAME). Hrm.

    EDIT: I found https://support.quest.com/kace-systems-management-appliance/kb/112277 and see the KBOX variable is necessary but must be changed for testing. WIP.

All Answers

Did you try gpo on computer policy, with software package deployed from file share?
Answered 09/10/2015 by: okador
White Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ