Collecting Active Directory object inventory

A DriveLock Enterprise Service is capable of reading all users, computers, groups and OU information from the current Active Directory (that is, the same domain the DriveLock Enterprise Service user account belongs to) as an AD object inventory and storing it in the DriveLock database so that it can be used within a DriveLock configuration.

Use this option especially when you want to create a DriveLock configuration for DriveLock Agents with permissions for users or groups from another domain.

If you start the DriveLock Management Console from a computer located in the same domain as the one you are creating the configuration for, it is not necessary to read the users and groups from the Active Directory, as the DriveLock Management Console can access this data directly. However, even in this case, the AD object inventory can be used for configuration and can lead to a performance advantage over direct access, especially in larger AD environments.

To allow a DriveLock Enterprise Service to create an Active Directory object inventory, you must first enable this option in the DriveLock Enterprise Service settings.

Since the Enable Active Directory object inventory option is enabled by default, DriveLock Enterprise Service automatically determines all users and groups in the current domain once every 24 hours and synchronizes them with the data stored in its database. The data is also stored separately for each tenant, if you have created more than one tenant.

Once an AD object inventory is available, it can be used during configuration within the DriveLock Management Console and DriveLock Operation Center (DOC).

Here you can activate the option to automatically load the AD object inventory. If you want this process to take place automatically once a day, activate the corresponding option here as well. The time of the last successful upload process is also displayed.