About This File
This RAWSQL monitor uses data from the Active Directory Plugin to check for active AD Computer Accounts with a Windows OS that have recent logon times, and that do not have an Automate Agent installed. This is helpful to identify computers that were joined to the domain without the proper procedure, or computers that your agent deployment has not succeeded in reaching. The alert will be targeted against a probe computer for each client, you will need to read the alert body (or subject) to find out the name of the computer without an agent. Because the alerting is "Probe" centric, be aware of the following:
If you enable group targeting, and your targeting excludes the probe computer for a client, no machines will be reported for that client.
If you have no probe at any location for a client, no machines will be reported for that client.
The alerts now are applied against the DC used for the AD information gathering, so it no longer generates alerts using probe agents.
If you Exclude or Ignore the "computer", you are really excluding the Probe AD Controller Computer, and if you do this no machines will be reported for that client.There is no simple way to Whitelist machines that do not have an agent installed on purpose. You will just have to live with them being reported. To prevent a computer from triggering an alert if it should not have an agent, just update the computer description in Active Directory to have the word "Exclude". Examples: "Exclude From MSP Management" , "Excluded from Automate Agent deployment", etc.
To Import: In Control Center, open Tools -> Import -> SQL File. (System->General->Import->SQL File in Automate 12) Select the file, and you should be asked to import 2 statements. (Cancel if it tells you a different number). The Monitor will be named "Domain Computer Without Automate Agent", and it should run every 6 hours. If you already have this monitor, you can safely import and it will apply the updates to your existing monitor.
Keywords: active directory domain joined computer object account missing labtech automate agent machine monitor
What's New in Version 3.0 See changelog
Released
Big Fixes!
- In my testing, query is about 10x faster than the previous version!
- Computers can now be ignored by updating the description in Active Directory, no need to hardcode exceptions for computers that are intentionally ignored.
- Easily modifiable Major.Minor version check to ignore specific Windows versions (XP/2003).
- Correctly associates computers in child domains to the correct domain controller (prevents computers in a child domain from reporting as missing from the root domain).
- Correctly associates missing computers to domain controller that reported them (resolves a potential issue when two clients have identically named domains).
- Associates alerts to the DC that reported information, not just a random Probe or Server computer. (Before the lowest server ID was used).
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.