Home » Adding a domain/workgroup
Applicable For Endpoint Central MSP 
 
 

Scope of Management functionalities

A network is usually based on Windows Active Directory or Workgroups. System administrators can configure how Endpoint Central behaves when a computer is added or removed from the Active Directory. This is possible by configuring the SoM Policy. From there on, onboarding these computers onto Endpoint Central is just a click away!

This document aids in providing all that you need to know to configure Scope of Management in Endpoint Central. 

  • Discovering domains/workgroups
  • Adding AD Domains
  • Adding Workgroups
  • Modify domain credentials
  • Configure SoM Policy
  • Troubleshooting
  • Next Steps

    • Discovering Domains / Workgroups

    To view the discovered domains/ workgroups or to initiate the discovery, select Agent tab -> Scope of Management -> Domain. This will list all the domains belonging in Endpoint Central. Click on Discover Domains button.

    Adding Domains

    AD Domains are usually automatically detected but for some reason if you have to add a domain manually:

    1. Navigate to Agent -> Scope of Management -> Domain -> Add Domain
    Parameter Description Type

    Domain Name

    Name of the domain. This is usually the NetBios or the pre-2000 name of the domain

    Mandatory

    Network Type

    Select "Active Directory" option

    Mandatory

    Domain User Name

    This should be the domain user name that has administrative privileges in all the computers of that domain. It is recommended to have a dedicated domain admin user account whose password policy is set to "Never Expire"

    Mandatory

    Password

    Password of the domain admin user

    Mandatory

    AD Domain Name

    The DNS name of the Active Directory Domain

    Mandatory

    Domain Controller Name

    The name of the domain controller. If you have multiple domain controllers, provide the name of the domain controller that is nearest to the computer where Endpoint Central Server is installed

    Mandatory

    Enable the checkbox to use LDAP SSL

    By enabling this checkbox, the communication between Endpoint Central server and Active Directory will be secured. The default port used is 636.

    Optional

    If you have problems in adding the domains, refer to our online knowledge base for possible reasons and solutions.

    Adding Workgroups

    Follow these steps to add a workgroup:

    1. Navigate to Agent tab -> Scope of Management -> Domain -> Add Domain
    Parameter Description Type

    Domain Name

    The name of the workgroup

    Mandatory

    Network Type

    Select "Workgroup" option

    Mandatory

    Admin User Name

    A common user name which has administrative privileges in all the computers within that workgroup. It is recommended to have a dedicated user account for Desktop  whose password policy is set to "Never Expire"

    Mandatory

    Password

    The password of the common admin user

    Mandatory

    DNS Suffix

    This is required to uniquely identify a computer within a workgroup. For example, if you have a computer with the same name in two different workgroups, the DNS suffix is used to identify it uniquely

    Optional

    If you have problems in adding the workgroups, refer to our online knowledge base for possible reasons and solutions.

    Computers in Novell eDirectory based network are managed as Workgroups in Endpoint Central.

    Click here to watch the video on configuring the domain details:

    Configuring domain details

    Link

    Changing the Domain or Workgroup Credentials

    Endpoint Central requires user credentials to perform tasks such as AD sync and remote agent installation. The credential provided when adding a domain/workgroup is used for this purpose. When the username/password provided while adding the domain/workgroup has changed later due to password expiry or other reasons, you need to update the correct credentials from Agent -> Scope of Management -> Domain -> to avoid getting "Access Denied" errors while performing any remote operations.

    To update the credentials, choose to Modify against the corresponding domain/workgroup under Actions column. Edit the credentials and click Update Domain Details.

    SoM Policy - How to add/remove computers from Endpoint Central

    IT administrators can automate the provisioning and de-provisioning of computers on Endpoint Central by configuring SoM policy. Therefore, you will find all the computers that exist in the Active Directory but are not managed in Endpoint Central. This helps you to quickly add or remove computers for management.

    The synchronization will happen at a specified time every day. It can be configured to notify you whenever a change is detected. You may also initiate the sync option as and when required with sync-only modified data and sync all option:

    • Sync Only modified data - Sync-only modified data will list only the changes that have happened after the previous Sync. So the computers which are added or removed after the last Sync will be listed here.
    • Sync All -  Sync all will obtain a comprehensive list of all computers added to or removed from the Active Directory.  

    To enable synchronization follow the steps below:

    1. Select Agent -> Deployment -> SoM Policy tab.

      2. To Detect and Add New Computers

    2. Enable the checkbox to Detect and Add New Computers.
    3. Specify the action that needs to be performed when a new computer is added to the Active Directory or Workgroup:
      • Install agent automatically and notify me.
      • notify me. 

      4. Delete Inactive Computers

    4. Enable the checkbox to Delete Inactive Computers.
    5. Specify the action that needs to be performed when a new computer is removed from the Active Directory or it has been inactive for a long time:
      • Remove the computer from the SoM automatically and notify me.
      • Notify me. 
      • Take no action.
    6. Specify the number of days allowed for the computers to be inactive for the action to be performed.
    7. Specify the notification mail message that needs to be displayed while a computer is inactive for a long time.
    8. Note: Performing this action will result in the uninstallation of agents installed on the respective computers but none of the policies/configurations(deployed by the agent) will be revoked.

      9. Schedule Sync

    9. Specify the time at which the sync should happen. The time should be specified in 24 hour format and the sync will happen at the same time everyday.

      10. Select Target

    10. Click Add Target to select the Domains/OUs that you want to sync with the SoM policy.
    11. If you wish to be notified on any change, select "Enable Email Notification" and specify the "To Address", subject and message.
    12. Click Save

    You can choose to exclude computers for management purpose. Excluding here, refers to removing the computers, which need not be managed by Endpoint Central. However, those computers will not be removed from your domain. You can select them, click on "Exclude Computers" button by navigating here : Web console -> SoM ->, SoM Policy -> Exclude Computers. You can view all the excluded computers, and choose to install agents anytime in the future. 
    Note: This feature is available only when SoM -> SoM Policy ->AD Sync Settings -> Detect and Add New Computers > Notify me option is enabled.

    Click here to watch the video:

    Configuring SOM policy

    Link

    Troubleshooting from SoM

    You can troubleshoot agent installation for computers in which agent installation has failed. This can be done by:  

    • Navigate to Endpoint Central -> Scope of Management -> Summary.
    • Click on Troubleshoot now under Agent Version.