Set up scheduled tasks to use AD groups instead of specific compuers

Question

I currently have Patching rules set up to run based on static lists in Patch Manager, but the problem with this is in order to add (or remove) computers, I need to re-create the task.

It seems like it is possible to set up the tasks using AD groups, so in theory, if computers are added or removed from said group, the task would automatically be adjusted accordingly, however, it seems something's missing in my setup.

I'm using AD groups and GPOs to enable client side targeting, so when a machine is added to a group, it gets the SUS settings and gets added to the appropriate SUS group.

When I try to look for an AD group to use, the 'Windows Network' and Active Directory' scopes are empty, so I can't select our AD domain and the group.

Any suggestions what I'm missing in my setup?

kellytice · Answer

Go to Patch Manager System Configuration -> Management Groups -> [select your management group - likely named 'managed enterprise'].

In there you'll want to run the wizard that's in the right-side Actions Pane (or it is available by right-clicking the management group name).

You'll want to choose the option to add an Active Directory Domain.

When you add your domain:

* the top box is the 'short' name (NETBIOS name) of the domain, e.g.  MYDOMAIN
* the second box is the fully qualified name of the domain, e.g. MYDOMAIN.COM
* if you click "resolve" after entering the first two boxes, it should fill in the 3rd box for you
* the 4th box (domain controller) is optional; you can leave it blank unless you need to set it
* once you have those filled out you have to hit the little green "add domain/workgroup" button so that it shows at the bottom, then you can finish the wizard.

Once that is done, you now should be able to browse the domain under "microsoft windows network" on the left pane.

if that throws any errors about permissions, you may need to add a rule for the domain into the Credential Ring wizard.

(Patch Manager System Configuration -> Security and User Management -> Credential Ring tab -> double-click your credential ring (probably called 'default'))