Default provisioning group / Auto provision / triggers


  • New poster here; my apologies if the topic has been discussed. However, I didn't see anything come up in the search material, short of imaging.

    My needs are a bit different from what I've seen thus far.

    The way we build things is based on a per-computer provisioning concept. The service desk provisions all of our computers. I'm attempting to simplify this process by joining the computer to the domain, in the default AD OU of CN=Computers.

    If a computer is placed in there, I would like to trigger events, the simplest form being the joining of it to a computer group and forcing a check-in, so the new computers can begin provisioning within a minute.

    The LDAP sync only occurs daily, however, and any "preprovisioning" documentation appears to be a list of computers to add to it (haven't come across any preprovision docs outside of the initial LDAP sync).

    In short:
    I want a computer joined to a computer group and to force a check-in ASAP after joining to the domain.

    Any suggestions/all criticism welcome.

    Thank you.


  • The way things work currently, a preprovision would be the only way to make this happen instantly. Could your service desk add the preprovision, or is this what you are trying to remove? Otherwise you would need to wait for an AD sync or a dynamic group update to occur. A few questions:

    How are you getting Toec installed? I'm assuming it will be installed by the time the domain join is finished and the computer reboots.

    Can you explain this:

    "the simplest form being the joining of it to a computer group and forcing a check-in"

    Join to an AD group or Toems group? How would you know which group to join to?


  • @theopenem_admin
    Thanks for your speedy response.

    The preprovision may be where my confusion lies - thus far it appears to be a daily scan of the domain.

    • If the aspect is more dynamic I'd love to see it play out, but it does sound like I am trying to eliminate the service desk from having to operate within the openem center at all.

    Toec currently (not the only solution) is installed via a script - as I just set this up today... I came into a bit of an immature environment a while back and am attempting to merge familiar processes with a more evolved infrastructure.

    Joining the computer to the domain is easy enough for everyone at this point. I was assuming the simplest method would be to add a computer to an AD OU and set a policy on the OU itself within OpenEM, but it wasn't until later that I realized the Domain is scanned only once daily, at 1am.

    I'm not married to any one solution, really... but I love OpenEM as a resource and would love to implement any way of simply joining a computer to a Domain, and it auto-provisioning (software installs, computer name change, etc).

    The documentation is excellent - very clear and straightforward, and once after doing, makes perfect sense. I just wasn't able to find anything in particular about setting up custom "pre-provisioning". I'm not sure if there is a more thorough doc source that I haven't come upon - so thus far only what is available through the https://docs.theopenem.com/ link.

    Thanks again!


  • There are currently only two ways to preprovision.

    • sync from AD

    • manually type them in the preprovision field

    I would need to add a new feature to try and handle this a different way, something such as an initial checkin policy or something. Also, you can run the AD sync as often as you want. It just defaults to once per day.


  • @theopenem_admin
    I just noticed yesterday where the scheduler had it entered (was setting up my second instance). I will try to play around with that and see what we get.

    And yeah, a check-in init where a series of blanket policies themselves can be activated (or auto assigning to a group and forcing a re-checkin). The pieces are all there.

    Thank you, again!


  • @theopenem_admin
    Just in case you or anyone else were interested and hadn't tried it:
    I set the LDAP sync time to 4 minutes, and my provisioning script renames the computer and joins it to the domain.

    Typically by the time the computer reboots, the OpenEM has resync'd with AD and the default computer OU contains the computer. Having set the provision policy for that, it pushes down all the things I need... which is awesome.

    A point to note, currently with the recent version I downloaded (1.3.0.0), none of the policies will take hold until Windows has updated to 20H2. Once it receives the cumulative 20H2 update and reboots, all policies launch immediately - without fail.

    Good tidings, and thanks again! - and if anyone has anything to offer in regard to the updates, I'm happy to hear it!


  • This is now handled better in 1.3.2. You can enable the new features in Admin Settings->Provision Tasks


  • I will upgrade and check it out! Let you know how it goes.


  • Hello @theopenem_admin,
    Works beautifully. I really have very little else to say on it...

    I install the agent, and once Windows updates are done processing (all msiexec is blocked while it is updating), my provisioning script renames the computers and joins them to my domain. Immediately after restarting, the software pushes in.

    Very well done, I am currently auto-adding after provisioning directly to a Toec Group - haven't tried an AD OU yet...

    Thank you so much!