Report to find missing LDAP machines

We push our KACE agent out through group policy. In KACE I have an LDAP label that lists 875 machines on our domain. But when I test the LDAP label in KACE, I get a "Search successful with 897 entries found" response. I have verified in Active Directory that we indeed have 897 machines on our domain. And for one reason or another the agent failed to install via the group policy software package. I have manually pulled the machine list in Active Directory and compared them to the KACE inventory to find the problem machines. I would like to create a report that I can schedule weekly that compares the machine inventory in KACE to what KACE sees when it queries LDAP, so that problem machines will be automatically reported in the future. Any help would be appreciated.



1 Comment
  • How are you testing the LDAP label? - chucksteel 3 years ago
    • I click label management, then LDAP Labels, then select the LDAP label. Then select "test" at the bottom of the screen. At which time I get the following results.
      Testing LDAP Label Settings...
      Testing "Domain Computers" connection to: domaincontroller.domain.msad on Port: 389
      OK: Connection Successful.
      OK: Setting Protocol Version 3 Successful.
      OK: Setting LDAP REFERRALS Option 0 Successful.
      OK: Search Bind using LDAP supplied credentials Successful.
      Applying search filter [(objectCategory=computer)]
      OK: LDAP search (with filter [(objectCategory=computer)]) Successful.
      OK: LDAP Search successful with 898 entries found.
      OK: Secondary bind using [CN=domaincontroller,OU=Domain Controllers,DC=domain,DC=msad] successful
      OK: LDAP Test Successful. Closing connection. - aschrum 3 years ago

Answers (1)

Posted by: JasonEgg 3 years ago

Technically, there is a way to query LDAP within SQL but it requires plugins that are not included in KACE's SQL server (which is actually MariaDB, a GNU version of MySQL). So, unfortunately, it will require some manual work. My first idea would be to generate a list of computer names from LDAP in the form ("Comp01","Comp02","Comp03") then paste that huge list of devices into a query with "WHERE MACHINE.NAME NOT IN [list]". Another thing that might work is importing an LDAP-generated CSV into Assets, associating the asset data with devices. Then, any "orphaned" asset would be one of your missing computers. I have very little experience with the Asset module, though, so I don't know exactly how that would work.
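The comparison discussed in this thread can also be done outside KACE on two exported lists. The script below is an added example, not part of the original answer and not KACE's own tooling: it assumes a CSV export of computer names from Active Directory (column `Name`) and a CSV export of the KACE device inventory (column `NAME`), and the sample rows are constructed. It reports the difference in both directions.

```python
import csv
import io

# Constructed sample data standing in for the two exports (assumed layout).
AD_CSV = """Name
COMP01
comp02.domain.msad
COMP03$
COMP04
"""
KACE_CSV = """NAME
comp01
COMP02
Comp05
"""


def normalize(name):
    """Reduce a host name to an upper-case short name for comparison."""
    name = name.strip().rstrip("$")  # computer sAMAccountName values end in "$"
    name = name.split(".", 1)[0]     # drop the DNS suffix if an FQDN was exported
    return name.upper()              # host names compare case-insensitively


def load_names(text, column):
    """Read one column of a CSV export into a set of normalized names."""
    reader = csv.DictReader(io.StringIO(text))
    return {normalize(row[column]) for row in reader
            if (row.get(column) or "").strip()}


def compare(ad_text, kace_text, ad_col="Name", kace_col="NAME"):
    """Return names present on one side only, sorted for stable reports."""
    ad = load_names(ad_text, ad_col)
    kace = load_names(kace_text, kace_col)
    return {
        "missing_agent": sorted(ad - kace),  # in AD, no KACE inventory record
        "not_in_ad": sorted(kace - ad),      # in KACE, not returned by LDAP
    }


if __name__ == "__main__":
    report = compare(AD_CSV, KACE_CSV)
    for section, names in report.items():
        print(f"{section}: {len(names)}")
        for host in names:
            print(f"  {host}")
```

Normalizing before the set difference matters because the two sources rarely agree on case, domain suffix, or the trailing `$`; without it, machines that are inventoried would be reported as missing.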
