Active Directory

For an on-premises deployment, three separate Active Directory service accounts must be provided.

1. Read-Only Account

This account is used to query LDAP for information about users and groups.

Role:Read-Only.
Function: Retrieves user and group information via the LDAP (or LDAPS) protocol.
Required Permissions: Must have the necessary rights to search and read user attributes in the Active Directory directory.
Location in the application: The credentials for this account will be configured in the Medulla configuration file (information requested in the delivery form).

2. Machine Enrollment Account (Imaging/Mastering)

This account is dedicated to provisioning and registering new machines in the domain during the imaging (or mastering) process.

Role: Rights to enroll machines in the domain.
Function: Allow computers to be added to the Active Directory domain.
Required Permissions: Must have the "Add workstations to the domain" right .
Process Integration: This account will be integrated and used bySysprep to perform the domain join operation during machine mastering.

3. Script Execution Account (Medulla Agent Installation)

This account is required for post-deployment administration tasks, specifically forthe remote installation of the Medulla agent via PowerShell, targeting a defined Organizational Unit (OU).

Role: List AD computers and run PowerShell scripts remotely with delegated rights.
Function: List computers in Active Directory. Install and configure the Medulla agent on client machines, targeting machines in a specific OU.
Required permissions:
- Delegated Rights on the Target OU: Must have rights to modify Computer objects and rights allowing the execution of remote commands (via WinRM or an equivalent solution) on machines in the specified OU.
- Access to network share: If the Medulla agent script or installer is stored on a share, the account must have read permissions on that share.
- List AD computers: Musthave the right to list AD computers to select the computers on which the agent should be installed.
Usage: This account will be used by the Python application to initiate and validate the execution of PowerShell scripts on the machines, ensuring that the agent is installed and that the machine is correctly assigned to the correct OU structure.

Network requirements for Medulla SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Remote Maintenance & Getting Started

Deployment (broadcasting)

Remote Maintenance & Getting Started

FLUX Test

Firewall

IMAGING Prerequisites

Active Directory

I already have a PXE server on my network. Is that a problem?

Simplified flowchart of Medulla

OIDC

DNS and Medulla Relay views in the DMZ

Filter machine types by GLPI ID

Your GLPI with Read-Only User

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Increase the connection timeout to the interface

Activation Support / WSUS / CVE

Change the server's FQDN

Change the SSH port between Server and Client

GLPI - Connect an external GLPI

Network requirements for Medulla Private SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Console & Administration

Remote Maintenance & Getting Started

Client Accounts (Status & Visibility)

Packages

Console & Administration

Remote Maintenance & Getting Started

Set the agent to Debug

Windows Agent Issue

Introduction

ACLs

ACLs continued

Console & Administration

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Accounts (Status & Visibility)

GPO

Reconfigure my agent

Generate Windows and Linux agents

Agents for the MINT Linux distribution

Uninstalling the Medulla Agent (Versions prior to 5.5.2)

Uninstalling Medulla Agent Version 5.5.2 and later

Architecture and Deployment of Medulla Relay Servers

Procedure for adding relays to Medulla Dedicated SaaS

Medulla Update - 5.4.x to 5.5.x

Active Directory

1. Read-Only Account

2. Machine Enrollment Account (Imaging/Mastering)

3. Script Execution Account (Medulla Agent Installation)