Many times when I visit customers and discuss their SCSM environment many people have included computer accounts via the AD Connector as they either didn’t configure the AD connector correctly in the first place or their read some comments on a blog post somewhere (potentially written by yours truly) to do this to allow the AD SID to be imported to help with Cireson Asset Management.
The issue with importing computer accounts via the AD Connector is that the computer accounts that appear in AD may not have valid data in SCCM and therefore when the Cireson Asset Management workflows run and Hardware Assets are created from the imported windows computer CI’s the computer accounts that do not have SCCM data are created but do not have valid SCCM inventory data.
However, we need the AD SID to be able to verify if the asset is actually a new asset or an existing asset that was just renamed. So we need a way to import the AD SID of just the machines that have SCCM data.
The best way to do this is to look to SCCM for the data as SCCM imports information, like the AD SID.
The way to do this is to use the Asset Import Connector to grab the data and update the Windows Computer CI’s with just the data we need.
Create an Asset Import Connector by going to the Administration workspace, select connectors and select create New Connector:
- Select Asset Import Connector from the Create Connector task in the SCSM console.
- Give the connector a name that works for your naming conventions.
- Select a management pack to store the detail in as per your organizations naming convention. (See SCSM Management Pack Naming Best Practice blog article).
- Select SQL query option from the Alternative Data Sources
- Open the SQL Connection String to create or edit a SQL Connection to your SCCM server.
- Enter the SCCM DB server and instance and enter the SCCM DB name and test the connection settings work.
- For the SQL query enter the following, replacing <Domain name> with your specific domain name:
- SELECT CONCAT( Netbios_Name0, ‘<Domain Name>‘) AS DisplayName, SID0
- FROM dbo.v_R_System
- Click Execute query to ensure there are valid results returned. If no results are returned, double check your query and connection settings.
- With valid results, select the Windows Computer CI class.
- There is no need to select a combination class as the base class is the item we need to update for Cireson Asset Management to update the required details.
- Add a Workflow log file location to help diagnose any issues. NOTE: The location must be accessible from the workflow server by the Workflow account.
- Select the options that work for your environment. If you wish to test the connector before making any writes tot eh database, select the Test Mode option to see the output in the workflow log location defined above.
- Once all the settings are set as desired, Click Next.
- Select the “Display Name” and “Principle Name” properties and map it to the Display Name field that is returned from the SCCM Query.
- Select the Active “Directory SID” property and map it to the AD SID field that is returned from the SCCM Query.
- Click Next.
- Set a schedule and click Create.
Select Synchronize now to force the connector to run and check the results by viewing the Windows Computers CI’s and verifying that the Active Directory SID is populated or, if you have set the options to test mode, check the log file for the data that would have been imported.
As the Asset Sync workflow runs (depending on the schedule set in the administration settings) the AD SID will be updated in the Hardware Asset record.
This property is then used to verify if the Windows Computer CI found is an existing record renamed or an entirely new record.
I hope this helps people out there get the best results possible.