Active Directory and NT Domain Machine Discovery Options
Technical Note 2010
Last Reviewed 17-Sep-2004

Applies To
Express Software Manager version 7.0

Summary
Express Software Manager uses standard Microsoft API calls to collect machine name and user name information from Active Directories. In addition, NT 4.0 Domain discovery will discover active machines in the current NT 4.0 domain. The purpose of this technical note is to identify configuration options that allow you to restrict collected information to a specific Active Directory Organizational Unit (OU), extend the discovery to additional Active Directories or child domains, and extend the discovery to additional NT 4.0 Domains.

Active Directory Discovery

Overview
The default Active Directory discovery that is initiated by clicking on Tools | Discover Machines and Users will collect all the machines and users in the parent domain from within the current Active Directory. In some cases an organization may want to limit the Active Directory discovery to a specific OU within the entire Active Directory. In other cases a customer may want to include additional Active Directories or child domains.

Restricting Active Directory discovery to a specific OU
Express Software Manager 7.0 includes a workstation discovery feature that provides the administrator with a way to discover client machines in their environment by querying the current domain or Active Directory. By default, a domain discovery will be issued during the Evaluation Wizard process. If you have Active Directory in your environment, you can select that as the discovery mechanism and rerun discovery via the Tools | Discover Machines and Users menu item in the Administrative Console.

Active Directory discovery will return information about all machines and users in your Active Directory. If your company's Active Directory is very large and you are only interested in a portion of it, you may wish to restrict the information returned during Active Directory discovery to those machines and users in a specific OU. You can specify this by adding a "Discovery" key (shown as a folder in the registry editor) in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Express Metrix\7.0
(Note: If you have already run Active Directory discovery, this key will already exist.) In this key, create a new String Value called "LDAPPATH" and set its value to the string that represents the OU you are interested in, in Active Directory format.

For example, if your Active Directory is "Mycompany.com" and you want to restrict the Active Directory discovery to the "Seattle" organizational unit, which is in the "Washington" OU, which is in the "Western_US" OU, you would set the value of this registry key to:
LDAP://OU=Seattle,OU=Washington,OU=Western_US,DC=Mycompany,DC=com
Note: OU hierarchy is specified from most to least specific. In the other Active Directory discovery configuration descriptions below, use this same registry key any time you are asked to specify an Active Directory path.

Including Multiple OUs from an Active Directory
The process described above only allows you to specify one OU at a time. If you need to include multiple OUs, follow this process:
  1. Specify the first OU to discover in the registry and initiate a discovery.
  2. Create a user-defined machine group and copy the machines discovered from the first OU to the user-defined machine group. This step is necessary because each time a discovery is initiated from within a parent domain, data collected in a previous discovery from within the same parent domain is overwritten.

    Note: To create a user-defined machine group, select Add Machine Group in the File menu in the Administrative Console, enter the machine group name, and click OK.
  3. Specify the second OU to discover in the registry and initiate a discovery.
  4. Repeat the process as needed for additional OUs.

Adding a Second Active Directory
Some companies have multiple namespaces within an Active Directory. For example, you may have a namespace called Mycompany.com and another namespace called AnotherCompany.com. In this example, the default Active Directory discovery would populate the Machines Panel with Mycompany.com. You could then change the registry setting to collect the second namespace:
LDAP://DC=AnotherCompany,DC=com
and rerun Active Directory discovery.

Note: Since the parent domain of an additional namespace is different from the default, it will not overwrite the first.

Add a child domain to an existing Active Directory
To add a child domain of an existing Active Directory, set the registry value to:
LDAP://DC={ChildDomain},DC={ParentDomain},DC=com
For example, if the child domain is called ChildOne and it exists within a parent domain called Master, the value would be:
LDAP://DC=ChildOne,DC=Master,DC=com
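
The OU, second-namespace and child-domain paths described above can be built and written to the LDAPPATH value with a short script. The PowerShell below is an added example, not part of the original technical note or the vendor's code; the function names are hypothetical, and it assumes an elevated session on the machine that holds the registry key named in this note.

```powershell
# Added example (not vendor code); function names are hypothetical.

function ConvertTo-DnValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape characters that are special in a distinguished-name value
    # (RFC 4514), plus "/" which is a separator inside an ADsPath.
    $escaped = $Value -replace '([\\,+"<>;=/])', '\$1'
    $escaped = $escaped -replace '^([ #])', '\$1'
    $escaped -replace ' $', '\ '
}

function New-DiscoveryLdapPath {
    param(
        [Parameter(Mandatory)][string]$DnsDomain,  # e.g. Mycompany.com
        [string[]]$OU = @()                        # most specific OU first
    )
    if ($DnsDomain -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$') {
        throw "Not a valid DNS domain name: $DnsDomain"
    }
    $rdns  = @($OU | ForEach-Object { 'OU=' + (ConvertTo-DnValue $_) })
    $rdns += $DnsDomain.Split('.') | ForEach-Object { "DC=$_" }
    'LDAP://' + ($rdns -join ',')
}

function Set-DiscoveryLdapPath {
    param([Parameter(Mandatory)][string]$LdapPath)
    $key = 'HKLM:\SOFTWARE\Express Metrix\7.0\Discovery'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Capture the old value first so the previous scope can be restored.
    $old = (Get-ItemProperty -Path $key -Name LDAPPATH -ErrorAction SilentlyContinue).LDAPPATH
    New-ItemProperty -Path $key -Name LDAPPATH -PropertyType String -Value $LdapPath -Force | Out-Null
    $old
}

# The three kinds of path described in this note:
$ouScope = New-DiscoveryLdapPath -DnsDomain 'Mycompany.com' -OU 'Seattle','Washington','Western_US'
$second  = New-DiscoveryLdapPath -DnsDomain 'AnotherCompany.com'
$child   = New-DiscoveryLdapPath -DnsDomain 'ChildOne.Master.com'

$previous = Set-DiscoveryLdapPath -LdapPath $ouScope
"LDAPPATH was '$previous', now '$ouScope'"
```

Keeping the returned previous value makes it easy to switch back after discovering each OU in the multiple-OU procedure.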

Multiple NT 4.0 Domain discovery
The default domain discovery will provide a list of machines currently turned on in the current domain. The current domain is the domain in which the Express Server is installed. The following process will allow you to populate the Express Machines panel with remote domains. It assumes that the Express Components are already installed in the current domain.
  1. Run esmsetup.exe on any computer in the remote domain and install only the Express Server component.
  2. Open the Express Administrative Console in your original Express Software Manager installation.
  3. Click on Tools | Connections | Express Server.
  4. Enter the machine name or IP address of the remote domain computer on which you installed the Express Server.
  5. Click Connect.
  6. Close the Express Administrative Console and reopen it. When it restarts it will prompt you for the database location. You need to enter the machine name or IP address, proper credentials, and database name to connect the remote Express Server to your Express Database.

    Note: The Express Server runs as a service on the remote machine. By default, it runs under the SYSTEM account which may or may not have authorization to see the machine on which your Express Database is installed. If this account does not have access to your database machine, you must modify the service's log on property to specify an account that does have access. You can make this change by bringing up the Services control panel, locating Express Server, right-clicking on it and selecting Properties.
  7. Click on Tools | Discover Machines and Users, and choose Discover from NT Domain.
Upon completing this process you will have two domains listed in the Discovered folder of the Machines panel. You can repeat the process to add additional Domains. Once you have added all Domains, you can switch back to the local Express Server to manage the product.

Note: Wherever the Express Server is installed, several tasks are scheduled via the Scheduled Tasks control panel to perform scheduled operations. You should disable or delete all three scheduled tasks on your remote Express Server machine.

Related Technical Notes

2000 Express Software Manager Technical Notes
