Create an AD Bridge License Container

You can install AD Bridge licenses manually on each client, or you can install the licenses in Active Directory and manage them from a central location. In Active Directory, you must create a license container before you can import an AD Bridge license key file.

Recommendations

Review the following recommendations for creating a license container.

  • Manage licenses in Active Directory and create your license container in a common location at the highest level of the organizational unit (OU) hierarchy to which you have write access.

    For instance, if you have separate OUs for your Linux computers, creating the licensing container in a common location above the OUs for the Linux computers can simplify license management.

  • If you have a Default Cell, create the license container at the level of the domain.

Any OU may have a license container. The container need not be in the same OU as an AD Bridge Cell. The AD Bridge agent searches the OU hierarchy for a license container in the same way that it searches for a cell. When a license container is found, the agent stops trying to find a key in another container (even if the container it finds is empty) and checks whether the license is assigned to the computer. When the agent finds a license in Active Directory, it marks it as assigned to the computer.

When you create a license container, computers can automatically acquire a license. You can turn off automatic licensing depending on your requirements. However, after you create the license container you must assign a license to each computer manually.

For more information, see Assign a License to a Computer in AD.

If there is no license container in Active Directory, the agent verifies the license locally. This is a scenario reserved for licenses set with setkey-cli.

 

You must be a member of the Domain Administrators security group or have privileges sufficient to create and modify containers where you want to create the licensing container. We recommend that you do not create a license container in the Domain Controllers OU.

Create License Container configuration screen

To create a license container:

  1. In the BeyondTrust Management Console, expand the Enterprise Console node, right-click the License Management node, and then click Create License Container.
  2. Clear the Allow Computers to Acquire Licenses Automatically box to prevent computers from obtaining a license (Optional).

    If you clear the box, you must manually assign a license to each computer.

  3. Select the location where you want to create a container and then click OK.

You are now ready to import a license file, which will populate the AD Bridge licenses container in Active Directory with licenses for your Unix and Linux computers.

Add License Permissions

Add permissions to licenses in the root of the domain's license container in order for child domains to acquire and delete licenses.

To add permissions for child domains:

  1. At the root of the domain, right-click the license object within the license container.
  2. Add the child or domain computer's account .
  3. Allow Create all child objects and Delete all child objects.

Enabling Create all child objects and Delete all child objects will allow the child domain computers group to acquire and delete licenses from the parent domain.

When you leave the domain with --deleteAccount, the credentials used to leave that domain must also be added to each of the license objects with the intention that the license will be freed.

Import an AD Bridge License File

AD Bridge license keys are distributed in an XML file.Using the BeyondTrust Management Console on your Windows administrative workstation, you can import a license key file containing licenses.

When you import a license file an Active Directory object is created for every license. For example, if your license XML file contains 100 licenses, then 100 Active Directory objects are created.

You must create a license container in Active Directory before you can import a license key file.

  1. Make sure the XML file containing the licenses is available on your Windows administrative workstation that is running the BeyondTrust Management Console.
  2. Under Enterprise Console, right-click License Management, and then click Import License File.
  3. Locate the XML file that contains the licenses, and then click Open.

Turn on Automatic Licensing

If you turned off automatic licensing when you created the license container, you can turn on the feature at any time.

To turn on automatic licensing:

Assign Policy menu option

  1. In the BeyondTrust Management Console, expand the Enterprise Console node, right-click the License Management node, and then click Assign Policy.
  2. Check the box to allow automatic licensing and click OK.