Assignment rules

Assignment rules determine how servers are synced from Active Directory (AD) and assigned to projects. Rules are applied in the order they’re listed; higher priority rules are listed first. You can drag and drop rules to change their priority.

When a job runs, multiple rules may match a server, but the server is assigned based on the rule with the highest priority.

Assignment rules consist of several parts:

  • Base DN: Controls where the rule searches for servers
  • LDAP Query: Controls the specific criteria used to filter servers
  • Assigned Projects: Specifies a project to associate with matching servers

Common Base DN settings

You can use the Base DN setting to control where the LDAP query searches for devices. By default, the search scope uses the domain information you specified when creating the connection.

| Usage | Example |
| --- | --- |
| Search the consumer organizational unit within the ocorp.com domain | OU=consumer,DC=ocorp,DC=com |
| Search the prod organizational unit within the live.ocorp.org domain | OU=prod,DC=live,DC=ocorp,DC=org |
| Search the devops object located in the eng organizational unit within the test.ocorp.edu domain | CN=devops,OU=eng,DC=test,DC=ocorp,DC=edu |

Common LDAP queries

You can adjust the LDAP query to locate devices that meet specific criteria. The following examples will likely need to be modified to fit your specific needs. By default, assignment rules include an LDAP query to locate every computer within the search scope.

| Usage | Example |
| --- | --- |
| Locate every computer | (objectCategory=Computer) |
| Locate every computer running Windows 10 | (&(objectCategory=computer)(operatingSystem=Windows 10*)) |
| Locate every computer running Windows Server 2016 that isn’t a domain controller | (&(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2016*)) |
| Locate every computer with RDP in the description | (&(objectCategory=computer)(description=*RDP*)) |
| Locate every computer with RDP in the description that isn’t running Windows Server 2016 | (&(objectCategory=computer)(description=*RDP*)(!(operatingSystem=Windows Server 2016*))) |
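
To check rule ordering before a sync job runs, the following added example (not part of the original documentation and not the product's own code) simulates first-match assignment offline and shows a broad rule listed above a narrow one taking its servers. Assumptions: the rule tuples, the project names `general` and `rdp-hosts`, and the sample computer are constructed; the evaluator covers only the filter subset used on this page and treats objectCategory as a plain string.

```python
import re

def parse(f, i=0):
    """Parse the LDAP filter node at f[i] (subset: & | ! and attr=value with *)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    if f[i] == "!":
        kid, i = parse(f, i + 1)
        return ("!", kid), i + 1
    end = f.index(")", i)
    attr, _, pattern = f[i:end].partition("=")
    return ("=", attr.lower(), pattern.lower()), end + 1

def matches(tree, attrs):
    """Evaluate a parsed filter against {lowercase attribute: [values]}."""
    if tree[0] in "&|":
        results = [matches(k, attrs) for k in tree[1]]
        return all(results) if tree[0] == "&" else any(results)
    if tree[0] == "!":
        return not matches(tree[1], attrs)
    # Simplification: a missing attribute makes the comparison false.
    rx = ".*".join(re.escape(p) for p in tree[2].split("*"))
    return any(re.fullmatch(rx, v.lower()) for v in attrs.get(tree[1], []))

def assign(rules, computer):
    """Return the project of the first (highest-priority) matching rule, or None."""
    # Simplification: DN comparison ignores escaped commas inside RDN values.
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    dn = norm(computer["dn"])
    for base_dn, ldap_filter, project in rules:
        in_scope = ("," + dn).endswith("," + norm(base_dn))
        if in_scope and matches(parse(ldap_filter)[0], computer["attrs"]):
            return project
    return None

# Constructed sample data; the project names are hypothetical.
PROD = "OU=prod,DC=live,DC=ocorp,DC=org"
BROAD = (PROD, "(objectCategory=Computer)", "general")
NARROW = (PROD, "(&(objectCategory=computer)(description=*RDP*))", "rdp-hosts")
JUMP = {"dn": "CN=jump01,OU=prod,DC=live,DC=ocorp,DC=org",
        "attrs": {"objectcategory": ["computer"], "description": ["RDP jump host"]}}

print(assign([BROAD, NARROW], JUMP), assign([NARROW, BROAD], JUMP))
```

With the broad rule first, the RDP host lands in `general` and the narrow rule never takes effect; placing the narrow rule first assigns it to `rdp-hosts`.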

Assigned projects

Any servers that match the rule are assigned to the specified project. You must enable AD support on a project before you can assign it to the rule. See Enable Active Directory support for projects.

Related topics

Create a server sync job