In Nova Delegation & Policy Control (DPC) an on-premise agent can be deployed to interact with Active Directory in a hybrid environment. The agent executes a task called ‘Get On-Premises entities’ and this has some important options which should be considered. These options are:
- Match Group Organizational Unit
- Match User Organiational Unit
These are visible on the properties of the job, as shown below:
These checkboxes affect the way that objects are placed in the hierarchy. When the options are selected on-premise entities (like users, groups, contacts) from the Users container (in on-premise Active Directory) are placed in the domain root else they’re stored in the tenant root.
Here is an example to illustrate this:
When ‘tenant 1’ is scanned and the checkboxes are deselected – all entities are stored in the ‘Tenant 1’ Organizational Unit.
When ‘tenant 1’ is scanned and the checkboxes are selected – all entities are stored based on their on-premise location in Domain A, Domain C, root Organizational Units.