Assignment rules
Assignment rules determine how servers are synced from Active Directory (AD) and assigned to projects. Rules are applied in the order they’re listed; higher priority rules are listed first. You can drag and drop rules to change their priority.
When a job runs, multiple rules may match a server, but the server is assigned based on the rule with the highest priority.
Assignment rules consist of several parts:
- Base DN: Controls where the rule searches for servers
- LDAP Query: Controls the specific criteria used to filter servers
- Assigned Projects: Specifies a project to associate with matching servers
Common Base DN settings
You can use the Base DN setting to control where the LDAP query searches for devices. By default, the search scope uses the domain information you specified when creating the connection.
| Usage | Example |
|---|---|
| Search the consumer organizational unit within the ocorp.com domain | OU=consumer,DC=ocorp,DC=com
|
| Search the prod organizational unit within the live.ocorp.org domain | OU=prod,DC=live,DC=ocorp,DC=org
|
| Search the devops object located in the eng organizational unit within the test.ocorp.edu domain | CN=devops,OU=eng,DC=test, DC=ocorp,DC=edu
|
Common LDAP queries
You can adjust the LDAP query to locate devices that meet specific criteria. The following examples will likely need to be modified to fit your specific needs. By default, assignment rules include an LDAP query to locate every computer within the search scope.
| Usage | Example |
|---|---|
| Locate every computer | (objectCategory=Computer)
|
| Locate every computer running Windows 10 | (&(objectCategory=computer)(operatingSystem=Windows Server 10*))
|
| Locate every computer running Windows Server 2016 that isn’t a domain controller | (&(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2016*))
|
| Locate every computer with RDP in the description | (&(objectCategory=computer)(description=*RDP*))
|
| Locate every computer with RDP in the description that isn’t running Windows Server 2016 | (&(objectCategory=computer)(description=*RDP*)(!(operatingSystem=Windows Server 2016*)))
|
Assigned projects
Any servers that match the rule are assigned to the specified project.