Using PDQ Deploy & Inventory With Multiple Domains

Purpose:

You are a Systems Administrator who is responsible for multiple domains and you wish to manage them all from a single PDQ server.

Resolution:

This guide covers environmental requirements, adding credentials, syncing multiple domains with AD Sync, using Central Server mode, scanning computers, and deploying to computers across multiple domains.

If you need to work with computers that aren't on a domain, please refer to our Knowledge Base article Working with Non-Domain (Workgroup) Machines.

Environmental Configurations:

As in a single domain, your PDQ server must meet the following criteria in order to deploy to and scan targets in different domains:

  • The PDQ server will need to be able to resolve the target computers' hostnames via DNS.
  • The PDQ server will need to be able to ping the target computers.
  • The PDQ server will need to be able to communicate bi-directionally with the target computers via SMB using the Deploy and Scan User's credentials.
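
The three requirements above can be checked from the PDQ server before targets are added. The PowerShell function below is an added example, not PDQ's own tooling; the function name, the sample hostnames, and the use of the ADMIN$ share for the authenticated SMB check are assumptions.

```powershell
# Added example: run on the PDQ server. Tests the server-to-target direction only.
function Test-PdqTargetReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Deploy/Scan User for the targets' domain; omit to skip the authenticated check.
        [pscredential]$Credential
    )
    foreach ($name in $ComputerName) {
        $row = [ordered]@{
            ComputerName = $name; IPAddress = $null; Dns = $false
            Ping = $false; Smb445 = $false; SmbAuth = 'Skipped'
        }
        try {
            # -DnsOnly rules out LLMNR/NetBIOS answers that would hide a missing DNS record.
            $row.IPAddress = Resolve-DnsName -Name $name -DnsOnly -ErrorAction Stop |
                Where-Object IPAddress | Select-Object -First 1 -ExpandProperty IPAddress
            $row.Dns = [bool]$row.IPAddress
        } catch { }   # resolution failed: Dns stays $false
        if ($row.Dns) {
            $row.Ping   = Test-Connection -ComputerName $name -Count 2 -Quiet
            $row.Smb445 = Test-NetConnection -ComputerName $name -Port 445 `
                              -InformationLevel Quiet -WarningAction SilentlyContinue
        }
        if ($row.Smb445 -and $Credential) {
            try {
                # Assumption: ADMIN$ is the share used to prove the credential works over SMB.
                $root = '\\{0}\ADMIN$' -f $name
                $null = New-PSDrive -Name PdqCheck -PSProvider FileSystem -Root $root `
                            -Credential $Credential -ErrorAction Stop
                $row.SmbAuth = 'OK'
                Remove-PSDrive -Name PdqCheck
            } catch { $row.SmbAuth = "Failed: $($_.Exception.Message)" }
        }
        [pscustomobject]$row
    }
}

# Constructed sample targets in two different domains; replace with your own hostnames.
$targets = 'ws01.corp.example.com', 'ws02.branch.example.net'
Test-PdqTargetReadiness -ComputerName $targets | Format-Table -AutoSize
```

Pass `-Credential (Get-Credential)` with the Scan User for the target's domain to include the authenticated SMB check; a row with `Smb445` true but `SmbAuth` failed points at credentials or permissions rather than the network.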

Background Service, Repository, and Copy Modes:

The general permissions for your PDQ service account are covered in the Knowledge Base article PDQ Credentials Explained. In a multi-domain environment, the permissions your Deploy Users need on the PDQ Deploy repository depend on the copy mode you are using.

If you are using the Push Copy Mode: Only the Background Service will require Read / Write access to the PDQ Deploy repository.

If you are using the Pull Copy Mode: All Deploy Users and your Background Service will require Read / Write access to your PDQ Deploy repository.

In a multi-domain environment, we also recommend that your Background Service User be a local account on your PDQ server instead of a domain account. This account will also need to be an Administrator on the PDQ server. The Background Service Account can be changed in both applications by navigating to Options > Background Service > Change.

Adding Credentials From Different Domains:

In both PDQ Deploy and PDQ Inventory, credentials for the Deploy & Scan Users are added in the same way, and this process is covered in the following article.

Adding and Using Multiple Credentials in PDQ

Adding Computers to PDQ Inventory From Multiple Domains:

When adding computers, the Scan User that you use to import the computer will be assigned as the Scan User for those computers. If you need to change the Scan User for your computers, you can right-click an individual computer or a group of computers and choose Select Scan User.

Active Directory Sync:

Navigate to Add Computers > Active Directory - Sync.

Select Include Container.

Select Change Domain.

Select Add Domain, uncheck Current User, and either choose the Scan User from the drop-down or add a new Scan User using the Edit Credentials button.

Once you've added the domain with the proper credentials, choose the OUs you wish to sync.

Active Directory - Browse By Name:

Navigate to Add Computers > Active Directory - Browse by Name.

To add the new domain, select Change Domain.

Select Add Domain, uncheck Current User, and either choose the Scan User from the drop-down or add a new Scan User using the Edit Credentials button.

Once you've added your other domain, you can browse your OUs and choose computers to add. 

By Name:

Navigate to Add Computers > By Name. Choose the Scan User from the drop-down or add a new Scan User using the Edit Credentials button.

You can type in an individual computer's hostname in the Add section, or you can import a list of computers from a TXT or CSV file by selecting Import.

Deploying Packages to Targets Across Multiple Domains:

Deploy Once:

If you are deploying to targets in a single domain, you will need to either choose the Deploy User from the drop-down or add a new Deploy User using the Edit Credentials button.

If you are deploying to targets across multiple domains, be sure to check the option Use PDQ Inventory Scan User credentials first, when available.

Using Schedules:

If your schedule is targeting computers in a single domain, you will need to either choose the Deploy User from the drop-down or add a new Deploy User using the Edit Credentials button.

If your schedule is targeting computers across multiple domains, be sure to check the option Use PDQ Inventory Scan User credentials first, when available, in the Options tab of the schedule.

Using Central Server Mode Across Multiple Domains:

Central Server Requirements:

The general requirements for using Central Server mode can be found in our Knowledge Base article Windows Firewall Ports and Exceptions. The only difference in a multi-domain environment is that your PDQ server will need to be able to authenticate any Console Users against their Domain Controller.

Adding Console Users:

From your Central Server Console, navigate to Options > Console Users > Add.

Enter the Domain and Username for the user that you wish to add, as well as the password for the Background Service User.

Configuring the Client Console:

When installing the Client Console, after entering your PDQ License you will be asked to install Local, Central Server, or Client Console. Choose Client, and on the next menu enter the FQDN of the PDQ Central Server. If your Client Console computer is capable of communicating with your PDQ Central Server over the designated ports, then your Client Console will now connect back to your PDQ server in a different domain. The default ports are 6336 for PDQ Deploy and 7337 for PDQ Inventory.

See Also:

Article - Working with Non-Domain (Workgroup) Machines

Article - PDQ Credentials Explained

Article - Adding and Using Multiple Credentials in PDQ

Article - Windows Firewall Ports and Exceptions
