Endpoint Protection

Hi all,

I received an inherited console with groups created by importing OU from active directory. I need to migrate clients from SEP11 to this new console and I need to avoid the assignement to the AD groups and send the clients directly to the ones that are created by myself. I created an installation package exporting the policies of this group, but when I install SEP12, the clients goes directly to the OU and no to the group that I want.

Is there any chance to avoid these and send the client directly to the group that I want?

Thanks in advance

You need to break AD sync

Just follow the reverse to break here:

http://www.symantec.com/docs/TECH96201

You can delete the group (OU) and create a new one and don't sync it:

http://www.symantec.com/docs/TECH95924

Once broken, clients will go to the default group and you can move to whatever group (OU) you want :)

if AD is imported to SEPM, then all the clients report to that particular OU only. If you want then to report to your new group, then you need to remove OU.. there is no other way

Ok, the sync option is unmarked. So when I'll delete the OU all the clients will go to the default group? What happends if I create a group and then I import AD inside this one? Can I move clients too?

Thanks for the quick response

Correct, delete the OU and they call will go to the default group upon checking back in.

You cannot move clients inside an AD synched group. You would need to move in AD first and SEPM will sync with your AD and then the client will move.

I'm not a fan of AD sync as you're a bit limited in moving clients around.