How to create an LDAP Label to capture users in an OU?

I would like some help creating an LDAP Label that can capture all the users in an OU from our Active Directory. For example, I would like to be able to create an ldap label called "IT Dept" and be able to capture only people who work in IT. Ultimately I would like to be able to use this label to group IT computers so I can use it when scheduling\testing patches.

I'd appreciate all the help. Thank you.

2 Comments
  • I'm not sure you will be able to do what you want in this way. You are asking to create a group of USERS from LDAP so you can create a group of DEVICES. To group DEVICES you need to create a DEVICE LABEL, to group USERS you create a USER LABEL.

    For patching it makes more sense to create a manual label and put your designated IT machines into it, rather than using a Smart label, as there is a danger that you accidentally add a machine that IT have used and is now back in the live environment - Hobbsy 5 years ago
    • Thanks Hobbsy. I see your point about accidentally pushing patches to machines we didn't intend to include. Yeah, actually I am currently using a manual label to group the machines by departments. I was just thinking about automating the process of adding machines to the department label (as they get built) so we don't miss pushing patches to those machines. But yeah, again your point is valid and I might have to just stick to using manual labels especially for patching. Thanks! - allenn 5 years ago
  • Are you talking about grouping computers in the Kace 1000 box based on a user OU from Active Directory? If so, I do have a way to do that, I will post an answer when I have a minute to write it up. However, I'm going to agree with Hobbsy that this method is a little risky for patching. - Ben M 5 years ago
    • Ben, thanks for the reply. Yeah, I am still interested in how you'd create smart labels to group computers based on a user's OU from AD. Yeah, I agree that Hobbsy has a valid point about using manual labels as opposed to smart labels for patching.
      Appreciate the help! - allenn 5 years ago

Answers (2)

Posted by: StockTrader 5 years ago
Red Belt

To create an LDAP label to target all the users in a specific OU you need to do this:

1-The type of LDAP label needs to be USERS
2-In the Base DN field you need to enter your target OU (example: OU=OrgA,DC=kace,DC=local)
3-In the Advanced Search it is enough to have a query like this one: (samaccountname=KBOX_USER_NAME)

Kind regards,
 Marco - StockTrader

  • I just wanted to say thanks for this answer. It's exactly what I've been trying to do for a while now. - toneal 1 year ago
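
A way to check the Base DN and filter from the answer above against Active Directory before saving the label, as an added example that is not part of the original post or KACE's own code. It assumes KACE replaces KBOX_USER_NAME with the reported user name and searches the whole subtree under the Base DN; the function name Test-LdapLabelMatch and the sample account names are hypothetical.

```powershell
# Added example: preview whether an account would fall inside the LDAP label.
# Requires the RSAT ActiveDirectory module and a session that can query the domain.
Import-Module ActiveDirectory

function Test-LdapLabelMatch {
    param(
        # Value assumed to be substituted for KBOX_USER_NAME
        [Parameter(Mandatory)] [string] $UserName,
        # The label's Base DN (the target OU)
        [Parameter(Mandatory)] [string] $BaseDN,
        [string] $FilterTemplate = '(samaccountname=KBOX_USER_NAME)'
    )

    # Escape RFC 4515 special characters so the name is matched literally
    # and cannot widen the filter (for example with a "*" wildcard).
    $escaped = -join ($UserName.ToCharArray() | ForEach-Object {
        if ('\*()'.IndexOf($_) -ge 0 -or [int]$_ -eq 0) { '\{0:x2}' -f [int]$_ } else { $_ }
    })
    $filter = $FilterTemplate.Replace('KBOX_USER_NAME', $escaped)

    # Subtree search rooted at the OU: accounts outside it return nothing.
    $hit = Get-ADUser -SearchBase $BaseDN -SearchScope Subtree -LDAPFilter $filter

    [pscustomobject]@{
        UserName = $UserName
        Filter   = $filter
        InLabel  = [bool]$hit
        DN       = $hit.DistinguishedName
    }
}

# Constructed sample names: use one account inside the OU and one outside it.
'jdoe', 'asmith' | ForEach-Object {
    Test-LdapLabelMatch -UserName $_ -BaseDN 'OU=OrgA,DC=kace,DC=local'
}
```

An account that shows InLabel as False here would not be picked up by a label scoped to that OU, which is worth confirming before the label is used to target patches.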

Posted by: Emmanuel-Drot 5 years ago
White Belt

You could try this with PowerShell:

# Load the Active Directory cmdlets (RSAT)
Import-Module ActiveDirectory

# Set the group name
$Group = "IT Dept"

# Get the objects that you want to add to the group (in this case, users with "IT Dept" in the description)
$users = Get-ADUser -Filter 'Description -like "*IT Dept*"'

# Add the users to the group
Add-ADGroupMember -Identity $Group -Members $users
