I'm trying to get clients to report their Active Directory distinguishedName attribute in their inventory data to allow us to build smart groups based on AD OUs. With help from previous posts on here I found a way to do it via a script Extended Attribute. However, seeing as there's meant to be functionality to do this with an Extended Attribute of type LDAP Attribute Mapping, I'd rather do it that way - problem is I can't get that to work!
My non-working Extended Attribute is configured as follows:
Data Type: String
Inventory Display: General
Input Type: LDAP Attribute Mapping
LDAP Attribute: distinguishedName
I've also ensured that "Collect user and location information from LDAP" is enabled in Computer Inventory Collection.
The attribute appears in the inventory for computers but is empty.
As I say I can get this with a script, but I'm concerned why this isn't working for us given that we plan to use a few more similar attributes for things like mapping user's workspaces etc.
Anyone have any idea what the problem might be? Could it be object permissions in the AD perhaps?
