
Active Directory Discovery and Deployment

Topic

This article describes the process for automatically discovering endpoints and deploying the NinjaOne agent to them by using Active Directory.

Environment

NinjaOne Endpoint Management

Description

 

 

NinjaOne's Active Directory Discovery and Deployment tool allows technicians to use Active Directory to automatically deploy the NinjaOne agent to devices that are a part of a domain. Please note, only system administrators are able to approve/reject devices.

Important Note: If a domain controller is moved from one organization to another, the NinjaOne agent on that domain controller will need to be restarted in order for discovered devices to be installed in the new organization.

 


 

Supported Client OSes:

  • Windows Vista
  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Server 2008r2
  • Server 2012/2012r2
  • Server 2016
  • Server 2019
  • Server 2022

 

Requirements:

  • The Domain Controller used for discovery must have the NinjaOne agent installed.
  • You must have Domain Admin credentials saved in the credentials store in the organization configuration.
  • File and Printer Sharing must be enabled on all client devices to push the MSI (Microsoft Software Installer). (On Windows Vista, File Sharing is a separate setting from Printer Sharing and only File Sharing is required.) For more information on setting up File and Printer sharing, you can view this resource in the Microsoft forums.
  • Client devices must be part of a domain and currently part of the network where the Domain Controller resides. (Clients can sometimes be part of a domain but not be currently in the same network as the Domain Controller, in which case the agent deployment will fail.)
  • Client devices must be online in order for Active Push to work; otherwise, a Group Policy Object will be created with a startup script that will install the agent upon OS startup or reboot.
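
The PowerShell below is an added example, not NinjaOne tooling or code from this article: it lists the enabled computer accounts under an OU and reports which ones are online and reachable on TCP 445 (SMB, the port that File and Printer Sharing opens), so push failures can be predicted before a job runs. It assumes the ActiveDirectory (RSAT) module is installed; the OU path is a placeholder, and `-Recursive` is this script's own switch, mirroring the Recursive option in the discovery job.

```powershell
#Requires -Modules ActiveDirectory
# Added example: pre-flight check of the deployment requirements listed above.
param(
    # Placeholder OU; replace with the OU path you plan to select in the job.
    [string]$OuPath = 'OU=Workstations,DC=example,DC=com',
    # Hypothetical switch: include child OUs, like the job's Recursive option.
    [switch]$Recursive
)

# OneLevel = only the selected OU; Subtree = the OU and every child OU.
$scope = if ($Recursive) { 'Subtree' } else { 'OneLevel' }

$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -SearchBase $OuPath -SearchScope $scope `
    -Properties DNSHostName, OperatingSystem

$results = foreach ($c in $computers) {
    $target = if ($c.DNSHostName) { $c.DNSHostName } else { $c.Name }

    # One call covers both checks: TCP 445 is tried first, and if it fails
    # Test-NetConnection falls back to an ICMP ping.
    $t = Test-NetConnection -ComputerName $target -Port 445 `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        Name            = $c.Name
        OperatingSystem = $c.OperatingSystem
        Online          = ($t.TcpTestSucceeded -or $t.PingSucceeded)
        Smb445Reachable = $t.TcpTestSucceeded
        ReadyForPush    = $t.TcpTestSucceeded
    }
}

# Devices that are not ready sort first so they are easy to spot.
$results | Sort-Object ReadyForPush, Name | Format-Table -AutoSize
```

A device that shows Online but not Smb445Reachable most likely has File and Printer Sharing disabled or blocked by its firewall profile.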

 

Running an Ad-hoc Discovery Job:

  1. Click Administration in the left navigation pane and select Organizations. Click on the organization needing the ad-hoc discovery job. 
    The organization editor displays.
  2. Click Devices in the left navigation pane and open the Discovery Jobs tab; then, click Add on the right side of the page and select Adhoc Discovery.
    The Run an adhoc discovery job modal displays.
  3. Select your domain controller from the dropdown.
    Tip: To use a Windows Server to run a discovery job, that server must be running Active Directory and be a domain controller for that domain.

    Once the domain controller is selected, the folders for OU (organizational unit) paths on that selected Active Directory Controller display on the left side of the modal. 
  4. Click through the folders on the left side of the modal to display the devices on the right side of the modal. You can also search for devices using the OU Path field. After selecting a device, click Next.
    Important Note: Selecting Recursive will run the job recursively on any child/secondary OUs under the selected OU.
  5. Activate the checkbox next to a device to select it. Click Select to set credentials. 
    Important Note: If a workstation is selected but the discovery job finds that the device's chassis or framework is for a server, nothing will happen and the job may fail.

  6. Click Set Location and Status. There are several options for the status that can be applied to a device. Note that the status you choose affects all devices selected on the previous screen. Each device can have a different status within the same job.
    Status | Definition
    Discovered | Identifies devices that were newly discovered. No action occurs.
    Pending | Sets the selected devices as pending for deployment of the NinjaOne agent at a later time.
    Approved | Flags the devices for instant installation of the NinjaOne agent.
    Rejected | Prevents the selected devices from receiving the NinjaOne agent.
  7. Once you have selected the devices and set the credentials for location/status, click Apply.
  8. Activate the checkbox next to Save discovery job for later use to create a copy of the AD Discovery jobs. Click Yes to confirm this job.
    Important Note: NinjaOne will not process more than one AD Discovery job at the same time. Attempting to set up a second immediate job results in an error while that Domain Controller/OU Path is already in use. Within a single job, different statuses can be given to each device. For example, one device can be set to Rejected, while another device is set to Approved.

 

Scheduling a Discovery Job:

  1. Click Administration in the left navigation pane and select Organizations. Click the organization needing the scheduled discovery job. 
    The organization editor displays.
  2. Click Devices in the left navigation pane and open the Discovery Jobs tab; then, click Add on the right side of the page and select Scheduled Discovery.
    The Run a scheduled discovery job configuration page displays in a popup window.
  3. To begin, select your domain controller and the OU Path containing the devices you want to deploy the NinjaOne agent to. Click Next.
    Important Note: Selecting Recursive runs the job recursively on child OUs under the selected OU.
  4. Now, set your credentials for the job and select a group of devices. Click Set Location and Status to choose the location and status for those devices.
    There are three options for Status:
    Status | Definition
    None | The NinjaOne agent will not be deployed.
    Pending Approval | NinjaOne will wait to deploy the agent until approved.
    Auto Approve | The devices will be automatically approved, and the NinjaOne agent will deploy when the scheduled job runs.
  5. After a status is set, select a location and click Set.
  6. Click Set Schedule. This provides the option to configure when and how frequently the job runs. 
    There are four options when setting the schedule for an AD Discovery Job:
    Schedule | Definition
    Hourly | This job will repeat every X number of hours until all devices have successfully installed the NinjaOne agent.
    Daily | This job will repeat every X number of days until all devices have successfully installed the NinjaOne agent.
    Weekly | This job will repeat every X number of weeks on specified days of the week until all devices have successfully installed the NinjaOne agent.
    Monthly | This job will repeat every X number of months on a specified day of the month until all devices have successfully installed the NinjaOne agent.

  7. When the job is configured, click Save.
  8. Lastly, give the job a name and then click Confirm.
    The job is now scheduled.

 

Viewing AD Discovery Jobs:

  1. Navigate to an organization editor (Administration > Organizations). Click Devices in the left navigation pane and open the Discovery Jobs tab. 
  2. Lists displays current ad hoc or scheduled jobs:
    Column | Description
    Name | The title given to that job.
    Type | Adhoc or Scheduled.
    Domain Controller | The domain controller being used for this job.
    OU Path | The OU Path for the device(s).
    Schedule | When the job is scheduled to run (for scheduled jobs only).
  3. History displays previously completed jobs along with a summary of those jobs:
    Column | Description
    Name | The title given to that job.
    Type | Ad hoc or scheduled.
    Date | The date the job was completed.
    Summary | A summary of what actions were involved.
    User | The technician who created the job.

 

Canceling AD Discovery Jobs:

  1. Navigate to an organization editor (Administration > Organizations). Click Devices in the left navigation pane and open the Discovery Jobs tab. 
  2. Hover your mouse pointer over the job you wish to delete. The option to edit or delete appears; click Delete.  
    The Delete Discovery Job confirmation popup displays. 
  3. Click Delete again to confirm deletion of this job.
Important Note: The deleted job does not appear in the History tab if it has been deleted before it has run.

 

Setting or Adding Credentials:

  1. When creating an Ad-hoc or Scheduled Discovery job, credentials must be set. To do this, click the Select button just below Credentials.
  2. Next, select credentials from the drop-down list. This list reflects the credentials that are currently available in the organization's credential store.
  3. Alternatively, a new credential can be added. 
