I have figured out a way using current LDAP label behavior to install software automatically on a computer according to a user's group membership in Active Directory.

Example: A new employee started this week and you need to have Adobe Reader installed on their computer.



1. Create a group in Active Directory (AD) called "Software Adobe Reader". This will be a group of all users that have Adobe Reader installed.

2. Create a normal label in KACE and name it "Adobe Reader Install". Put some notes in the "Notes" field so you don't forget what this is doing. Select the checkboxes for 'Computer Inventory' and 'Software' and leave the rest blank.

3. Create an LDAP label in KACE and choose the Associated Label Name "Adobe Reader Install", which you just created in step #2. Follow the example LDAP label configuration below. Once created, this LDAP label checks whether the user is a member of the group "Software Adobe Reader" in AD, and if they are, it applies the label to their computer.

NOTE: LDAP labels cannot be applied to users, only computers. This means that your user list under Service Desk > Users cannot have LDAP labels applied to them according to AD membership. This is because users don't sync with KACE, computers do. I sure wish it would work though!

Example LDAP Label Configuration:

Server Hostname: YourServerName/IP

LDAP Port Number: YourPort (example: 389)

Search Base DN: DC=YourDomain,DC=com

Search Filter: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=Software Adobe Reader,OU=SoftwareDeploy,OU=IT Department,DC=YourDomain,DC=com))

LDAP Login: CN=kaceldap,OU=Users,DC=YourDomain,DC=com (or wherever your LDAP authentication account is located)



4. Apply the normal label created in step #2 above to a script or MI (Managed Installation) so that the task will run on any computer that has that label.



In Active Directory, add the new employee to the AD group "Software Adobe Reader". The next time the computer the new user is using checks in to KACE, it will get the LDAP label "Adobe Reader Install". The script(s)/MI(s) will then run, since the label "Adobe Reader Install" is now applied to that computer and is also associated with the script/MI.
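
A search filter with a typo or an unbalanced parenthesis simply never matches, so it helps to preview the exact filter for one user and try it in an LDAP client before saving the label in step 3. The sketch below is an added example, not part of the original post or of KACE. It assumes KBOX_USERNAME is replaced by plain text substitution; the function names, the sample user name, the escaping step and the optional nested-group rule (which goes beyond the direct membership the post configures) are assumptions.

```python
# Added example (not from the original post): preview the LDAP label's search filter.
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, which also follows nested groups.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"
PLACEHOLDER = "KBOX_USERNAME"  # variable used in the page's Search Filter


def escape_filter_value(value):
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems that would make the label silently never match."""
    problems = []
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if PLACEHOLDER not in template:
        problems.append("missing " + PLACEHOLDER)
    if not re.search(r"\(memberOf(:[\d.]+:)?=", template, re.IGNORECASE):
        problems.append("no memberOf clause")
    return problems


def render_filter(template, username, nested=False):
    """Substitute the user name as step 3 describes; optionally match nested groups."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    if nested:  # plain memberOf only matches direct members of the group
        template = re.sub(r"\(memberOf=", f"(memberOf:{IN_CHAIN_OID}:=",
                          template, flags=re.IGNORECASE)
    return template.replace(PLACEHOLDER, escape_filter_value(username))


# Filter from the page's example configuration.
TEMPLATE = ("(&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=Software Adobe Reader,"
            "OU=SoftwareDeploy,OU=IT Department,DC=YourDomain,DC=com))")

if __name__ == "__main__":
    print(render_filter(TEMPLATE, "jdoe"))               # "jdoe" is a constructed name
    print(render_filter(TEMPLATE, "jdoe", nested=True))
```

The printed filter can be pasted into any LDAP search tool together with the Search Base DN from the configuration above; a single returned entry means the label would be applied to that user's computer.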