Deploy Software per AD User

Hello all,

Is it possible to deploy software for an AD User and not for an AD computer?

We have a few users switching workplaces and thus would like to deploy software based on organizational groups rather than PC groups.

If that is not possible, how do you make sure that only active PCs are in your active directory?

Testing with PDQ Deploy and PDQ Inventory shows roughly 100 PCs in our AD-environment, but I know we only have around 60 active, including servers.

With kindest regards, Niklas



  • Hi Niklas - I would focus more on your active PC issue, as sorting that out will make the rest of what you want to do much easier.

    Are you using PDQ's AD Sync in Inventory? If so, depending on your sync settings, there are ways you can create collections to sort out machines based on their last activity/logon time. Here is how I am doing this -

    List all machines who have not checked into AD for more than x days

    You can set the amount of time to anything you want - I use 45 days because the AD Last Logon field can be inaccurate up to 14 days (more or less - so if the time shows "Last logon 15 days ago", it could actually be 1 day ago or up to 30 days). By using 45, I am able to be fairly certain it has been at least 30 days since the last time it checked into AD.

    And the final check of "Is Online" is simply to make sure any false-positives related to DNS are ignored - if a machine is online it is usually in use by someone, regardless of what PDQ or AD is showing.

    And to filter for disabled devices, you can use - Filter disabled devices

    I think the first collection above would get you to where you wanted to be - just make sure to verify each machine before you disable/remove it from AD.
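
The collection logic described in the reply above (older than 45 days, not online, not disabled), as an added example that is not part of the thread and not PDQ's own code. It assumes computer records exported from AD with the `lastLogonTimestamp` and `userAccountControl` attributes; the machine names, the sample values and the `ONLINE` set standing in for a ping check are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002   # userAccountControl bit: account is disabled
STALE_DAYS = 45               # threshold used in the reply above

def filetime_to_datetime(ticks):
    """lastLogonTimestamp is 100 ns ticks since 1601-01-01 UTC; 0/None = never."""
    if not ticks:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def datetime_to_filetime(dt):
    # Integer arithmetic avoids float rounding on 18-digit tick counts.
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def classify(records, now, is_online):
    """Sort computer accounts into disabled / active / online / stale buckets."""
    cutoff = now - timedelta(days=STALE_DAYS)
    buckets = {"disabled": [], "active": [], "online": [], "stale": []}
    for rec in records:
        last_seen = filetime_to_datetime(rec.get("lastLogonTimestamp"))
        if int(rec["userAccountControl"]) & UAC_ACCOUNTDISABLE:
            bucket = "disabled"
        elif last_seen is not None and last_seen >= cutoff:
            bucket = "active"
        elif is_online(rec["name"]):
            bucket = "online"      # old timestamp but reachable: keep it
        else:
            bucket = "stale"       # candidate for manual verification only
        buckets[bucket].append(rec["name"])
    return buckets

# Constructed sample data (not from the thread); names are hypothetical.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _ago(days):
    return datetime_to_filetime(NOW - timedelta(days=days))

SAMPLE = [
    {"name": "PC-001", "lastLogonTimestamp": _ago(3),   "userAccountControl": 0x1000},
    {"name": "PC-002", "lastLogonTimestamp": _ago(44),  "userAccountControl": 0x1000},
    {"name": "PC-003", "lastLogonTimestamp": _ago(46),  "userAccountControl": 0x1000},
    {"name": "PC-004", "lastLogonTimestamp": _ago(200), "userAccountControl": 0x1000},
    {"name": "PC-005", "lastLogonTimestamp": _ago(300), "userAccountControl": 0x1002},
    {"name": "PC-006", "lastLogonTimestamp": 0,         "userAccountControl": 0x1000},
]
ONLINE = {"PC-004"}   # stands in for a ping / "Is Online" check

if __name__ == "__main__":
    for bucket, names in classify(SAMPLE, NOW, ONLINE.__contains__).items():
        print(f"{bucket:9} {', '.join(names) or '-'}")
```

Accounts with no logon timestamp at all land in the stale bucket here; that is a choice of this example, and such machines deserve the same manual check as the rest before anything is disabled or removed.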

  • Dear Ryan,

    Thank you very much! That does help a lot, as it identifies which PCs I can delete from AD and DNS, after rechecking of course.

    I would really like to use PDQ Inventory Sync, but we have not yet set up any AD containers. We are currently working on that. Can I sync without AD containers?

  • Yes, you can sync without any OUs (containers). You would just choose the root that your computers reside in. It might make things more messy for you initially, but it should work. If you don't want to sync your whole forest, you can use the "Include" and "Exclude" options in the Preferences section to select only those containers you choose (since AD comes with some default OUs already).