Create and Update Directory Queries

You can create an Active Directory or LDAP query to retrieve information from Active Directory or LDAP to populate a Smart Rule. To work with directory queries, the BeyondInsight user must be a member of the Administrators group or assigned the Asset Management permission.

Create a Directory Query

Create a new directory query or clone an existing query as follows:

1. In BeyondInsight, navigate to Configuration > Role Based Access > Directory Queries.
2. Click Create New Directory Query or click the vertical ellipsis for an existing query and select Clone.
3. Select Active Directory or LDAP from the Directory Type list.

Cloned queries keep the same directory type as the query being cloned.

4. Enter a name for the query in the Title field.
5. Select a stored credential for running this query or click Create New Credential to be taken to the Directory Credentials page where you can add a new one.

At minimum, the credential must have Read permissions on the computer assets you are enumerating.

6. Enter the directory path for the Query Target, or click Browse to search for a path and add it.
7. Select a scope to apply to the container: This Object and All Child Objects or Immediate Children Only.
8. Select an object type: Computer Objects or User Objects.
9. Enter the directory path for the Query Target, or click Browse to search for a path and add it.
10. Select a scope to apply to the container: This Object and All Child Objects or Immediate Children Only.
11. Select an object type: Computer Objects or User Objects.
12. Enable or disable the Dynamically refresh results each use option.
13. Provide a Name and Description or use the * wild card character to match multiple values for the Basic Filter.
14. Optionally, click Advanced Filterto provide an LDAP Query.
15. Click Test to ensure the query returns expected results. We recommend you preview results before saving the query.
16. Click Create Directory Query.
17. A warning message displays the following: Creating or modifying Directory Queries can have a significant impact to the onboarding Smart Rules that use this query. Are you sure you want to save this Directory Query?
    • Click Confirm to create the query.
    • Click Cancel to return to the query form to make changes.
18. If you did not test the query (step 15), a warning message displays the following: Are you sure you want to save this Directory Query without previewing the results?
    • Click Confirm to create the query without testing it.
    • Click Cancel to return to the query form to make changes or test the query before saving it.

Update a Directory Query

Update an existing directory query as follows:

1. In BeyondInsight, navigate to Configuration > Role Based Access > Directory Queries.
2. Locate the query in the grid and click the vertical ellipsis to the right of it.
3. Select Edit from the menu.
4. Modify query details as necessary, and then click Test to ensure the query returns expected results. We recommend you preview results before saving the query.
5. Click Update Directory Query.
6. A warning message displays the following: Creating or modifying Directory Queries can have a significant impact to the onboarding Smart Rules that use this query. Are you sure you want to save this Directory Query?
   • Click Confirm to update the query.
   • Click Cancel to return to the query form if wish to make changes.
7. If you did not test the query after making changes, a warning message displays the following: Are you sure you want to save this Directory Query without previewing the results?
   • Click Confirm to save the updated query without testing it.
   • Click Cancel to return to the query form if you wish to make changes or test the query before saving it.

If you’re changing the Query Target, we recommend testing the query before saving the changes to ensure the changes are working the way you expect. Any Smart Rules using that query will use the new target list the next time the rule processes.