This article describes how to use the GFI Landguard Synchronize with Active Directory feature to synchronize the LanGuard console Computer Tree with the AD structure in order to add new computers, update the OU information for the existing machines, or remove devices that are no longer there to release licenses.
The Synchronize with Active Directory feature allows you to detect the differences between the Computer Tree and the Active Directory, and with your approval synchronize the information to:
- add computers that are in Active directory but not yet in LanGuard
- move computers to the correct Organizational Unit (OU) in the LanGuard Computer Tree
- remove computers that have been deleted from Active Directory but are still present in GFI LanGuard.
The wizard must be run manually to prevent unwanted changes, in case there are compliance requirements and scan results must be kept in the database for a certain amount of time, or some specific computers should not be added.
Follow these steps to synchronize with Active Directory:
- Right-click the computer tree and select Synchronize with Active Directory.
- Enter the domain credentials required to retrieve the domain's OU and click OK.
- Click Next to start the synchronization process.
- Review the displayed list of changes that this process will perform. It shows where specific computers will be repositioned with respect to Active Directory Organizational Units.
- Click Next.
- Review the list of computers that will be added to LanGuard from Active Directory.
- Click Next.
- Review the list of computers that are no longer present, or have been deleted from Active Directory.
- Click Sync to start the synchronization process.
The synchronization process logs information mainly in lanss_vXXX_configtools.csv and lanss_vXXX_common.csv debug log files.
Upon synchronization process completion the wizard displays the summary of the operations performed and the results.