The VSA manages machines by installing a software client called an agent on a managed machine. The agent is a system service that does not require the user to be logged on for the agent to function and does not require a reboot for the agent to be installed. The agent is configurable and can be totally invisible to the user. The sole purpose of the agent is to carry out the tasks requested by the VSA user. Once installed:


A domain contact contains contact information similar to information defined for a user, but a contact has no domain logon privileges.

Distinguished Name

A distinguished name provides the same information as a canonical name, formatted as a series of attributes, sequenced in reverse order from the canonical name. CN = Common name or container. OU = Organization unit. DC = Domain component.

Duplicate Exists

If an agent already exists on a managed machine in a different machine group, then Discovery creates an "empty" machine ID template account—identified with a check-in icon—and no agent ever checks in. The new machine ID template account displays a machine.ID / group ID / organization ID based on the computer's canonical name in the Active Directory domain. You can merge these duplicate accounts. The existing, active agent account adopts the name of the new machine ID template account, then the new machine ID template account is deleted. No data is lost by the merge and the machine ID account now matches its location in the domain hierarchy.

Feature Set

A feature set provides advanced, specialized functionality that is typically hidden in the basic module. The basic module must be installed and the feature licensed separately to display feature set options.

Included / Excluded domain Folders and Items

Once a probe is installed, Discovery is configured by setting selected domain folders and items to included or excluded. Discovery policies provide IT automation—such as installing agents or creating users—only for included folders and items. Discovery only harvests detailed information for included folders and items, minimizing the amount of data required to maintain synchronization with the domain.

Machine Group

Machines are always defined by machine group and machine groups are always defined by organization. You can define multi-level hierarchies of machine groups by identifying a parent machine group for a machine group. You can also move a machine group and all of its associated machines to a different parent machine group within the same organization.

Machine ID / Group ID / Organization ID

Each agent installed on a managed machine is assigned a unique machine ID / group ID / organization ID. All machine IDs belong to a machine group ID and optionally a subgroup ID. All machine group IDs belong to an organization ID. An organization typically represents a single customer account. If an organization is small, it may have only one machine group containing all the machine IDs in that organization. A larger organization may have many machine groups and subgroups, usually organized by location or network. For example, the full identifier for an agent installed on a managed machine could be defined as jsmith.sales.chicago.acme. In this case sales is a subgroup ID within the chicago group ID within the organization ID called acme. In some places in the VSA, this hierarchy is displayed in reverse order. Each organization ID has a single default machine group ID called root. Group IDs and subgroup IDs are created using the System > Orgs/Group/Depts/Staff > Manage > Machine Groups page.

Machine ID Template

A machine ID template is a machine ID record without an agent. Since an agent never checks into a machine ID template account, it is not counted against your total license count. You can create as many machine ID templates as you want without additional cost. When an agent install package is created, the package's settings are typically copied from a selected machine ID template. Machine ID templates are usually created and configured for certain types of machine. Machine type examples include desktops, Autocad, QuickBooks, small business servers, Exchange servers, SQL Servers, etc. A corresponding install package can be created based on each machine ID template you define.

Machine IDs vs. Agents

When discussing agents it is helpful to distinguish between the machine ID / group ID / organization ID and the agent. The machine ID / group ID / organization ID is the account name for a managed machine in the VSA database. The agent is the client software installed on the managed machine. A one-to-one relationship exists between the agent on a managed machine and its account name on the VSA. Tasks assigned to a machine ID by VSA users direct the agent's actions on the managed machine.

Machine Roles

The Machine Roles page creates and deletes machine roles. Machine roles determine what machine users see when they use Portal Access—a version of Live Connect—from a machine with an agent. The Portal Access window displays when a machine user double-clicks the agent icon in the system tray of their managed machine.

Note: The User Roles page determines what VSA users see when they use Live Connect from within the VSA.

Within the Machine Roles page you can select:

Managed Machine

A monitored machine with an installed agent and active machine ID / group ID account on the Kaseya Server. Each managed machine uses up one agent license.


The VSA supports three different kinds of business relationships:

The Org table is a support table shared by organizations, customers and vendors. Each record in the Org table is identified by a unique orgID. The Org table contains basic information you'd generally need to maintain about any kind of business relationship: mailing address, primary phone number, duns number, yearly revenue, etc. Because the Org table is shared, you can easily convert:

Note: myOrg is the organization of the service provider using the VSA.


An organizational unit (OU) is a container object within Active Directory. An OU/container is used to organize users, groups, computers, and other organizational units. An organizational unit cannot contain objects from other domains.

Portal Access

Portal Access is a Live Connect session initiated by the machine user. The machine user displays the Portal Access page by clicking the agent icon on the system tray of a managed machine. Portal Access contains machine user options such as changing the user's contact information, creating or tracking trouble tickets, chatting with VSA users or remote controlling their own machine from another machine. Portal Access logons are defined using Agent > Portal Access. The function list the user sees during a Portal Access session is determined by the System > Machine Roles page. You can customize Portal Access sessions using the System > Customize > Live Connect page. Both the Live Connect and Portal Access plug-in installers can be pre-installed using the Agent > Update Agent page.

Probe Agent

Discovery communicates with an Active Directory domain using a probe agent. The probe uses the industry standard LDAP protocol to safely and securely communicate with the domain. Each probe agent must be a member of the domain it monitors. Probe deployment installs the extra functionality an agent requires to act as a probe.