How-to represent/add devices like IP-Cams, Printers, VoIP-Phones etc. in Active Directory

-1

I have a number of devices neither fitting the category "Human" nor "Computer", but needing some of their characteristics, like "email-address", or MAC.

e.g.

  • IP-Cams: They need an email-address, and I need to store the MAC
  • VoIP-Phones: Need MAC, Exten, Phone-Nr., Model-Nr.
  • Printers, but not having "\\server\QueueName" UNC paths.

My most pressing problem is the IP-Cams: they send events via email, and my AD-connected mailserver is not happy, because the email-address cannot be looked up in the AD. But if I create the IP-Cams as "users", they will turn up in all sorts of users lists, etc. So none of the object templates fit really well. What's the recommended procedure for this case?

So I think my question boils down to: How do I create custom object type templates for AD in such a way, that the graphical RSAT continue to be able to display/manipulate them?

In case this info is needed: I use ADUC from RSAT@Win7Pro to connect to my AD-forest running on several Samba4 DC machines on Linux. Logon/Mail for human users works well, and normal PCs, so I don't think my AD is faulty.

Oh, and yeah, if a mod wants to/could migrate this to ServerFault, that is fine by me.

Alex Stragies

Posted 2016-07-04T05:31:02.467

Reputation: 1 320

If one of the mods deems this Q more appropriate at ServerFault, I have no problem with this being moved there, and all my comments on this Q deleted. I would do it myself, but I don't know how. – Alex Stragies – 2016-07-05T20:04:28.730

Answers

0

The objects you get are the objects you get. What you should do for the cameras is create a service account with no rights whatsoever for the email address. You should be able to create just one and use it for all, unless each camera needs its own IP address. Some cameras have settings where the title of the email can have the camera desc or other field, but without knowing the camera I cannot help there.

Depending on your mail server and how that is set, you may not even need to create a user, just an additional email address for the camera(s).

I am unsure why any network infra needs to have VoIP unless it's to pull phone number by AD, and if this is the case, possibly create a low level service account.

Tim

Posted 2016-07-04T05:31:02.467

Reputation: 578

Thanks for answering. But, even if I reduce my email addresses to 1/device-category, I still end up with lots. + starting with the user template to "for the email address", I invariably end up "polluting" all kinds of user directories (that should normally only contain humans) with many service accounts for printers, ip-cams, voip-devs, etc. And yes, I want the DHCPd, and the voip-phone-provisioning, and the IP-PBX to get info from AD, and plan to make the link user <-> voip-phone by using an "extension" attribute for the voip-phones to match up with "desk phone-attribute", for example. – Alex Stragies – 2016-07-17T18:42:55.850