Depending on your organization, Active Directory (AD) may be a good source of data. Symantec Altiris v7.x has built-in functionality for importing both computer resources and user resources from AD.
Altiris also has the ability to keep the computer resources imported from AD in lock-step with AD. This is done by synchronizing not only any computers contained in AD, but any computers deleted from AD. This means that a computer imported from AD can be automatically deleted from Altiris when it is deleted from AD. This is a problem when practicing ITAM in Altiris. Best practice is that asset records should be kept indefinitely for proof of proper disposal.
Altiris also has a built-in purging mechanism not tied to AD. Computer resources not reporting to Altiris for configurable period of time can be either retired (preferred option) or deleted. Something to keep in mind about this setting is that computers not reporting to AD includes not only the computers’ agent reporting to Altiris, but also the import of the computer from AD. If computers are not regularly removed from AD, the purge timer in Altiris never starts. To work around this situation, two filtering options exist for computer imports, accessible by clicking the “all computers” link in the computer import task. First is the option to not import disabled computers. Second is the option to not import computers with AD passwords not changed in 30 (configurable) days. This second option basically means that if a computer has not connected to AD in 30 days, Altiris will not import it.
Keeping these options in mind can help keep your Altiris database a little cleaner.
These Stories on Altiris