Endpoint Protection

I need to move a client that is in an AD defined group to SEP group.  I am NOT going to restructure my AD in order to accommodate SEP.  I should be able to move clients into a SEP group that will allow me to apply different policies to these specific SEP groups’ machines. 

SEPM can be integrated with AD, Check the following

Title: 'Organizational Units from Active Directory in Symantec Endpoint Protection 11.0'
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092721431648?Open&seg=ent

Client shown in AD canot be moved in SEPM, it will display the client in SEPM once you have Syncd it. After that you can push SEP Client on that computer.

Policies will be created and assigned in the SEPM.

This cannot be done..
Either move Clients in AD..
Or Remove AD Integration from and create SEP groups.

if it is imported from AD you cannot move the clients inside SEPM.It has to be done in AD level only.Otherwise you have to delete the imported OU in the SEPM,then all clients will go to default group.From there you can move it to desired SEPM group.

If you have Integrated AD in SEPM by AD sync you will get the same structure that you have in AD. You cannot  move the clients from AD group to SEPM group


That is not possible.There is no need to restructure our  AD in order to accommodate SEP.


Create the same AD structure in SEPM with the groups. By this you  should be able to move clients into a SEP group that will allow you  to apply different policies to these specific SEP groups’ machines. 

I got nearly 7 OU and in each OU i got 8 OU
my requirement is to use current AD so if Build Team   need to move computer from build group to location group they can just use AD to do this, If i will create SEPM groups in this case they need get access to SEPM to move build group to location group it will increase administration task. I have configured policy on AD group level.

I am not so clear about you post .if you are doing some changes in AD,it will reflect in the SEPM after the next sync.So if you create a new group for a new location in AD,client will automatically  go to that group after the next sync....

If this is the case, please create Domain for each location and create limited administartor for each

http://seer.entsupport.symantec.com/docs/330938.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/499a1f023ae6c1a6882575680059e669?OpenDocument

Yes, by directly editing the database, you can change the [GROUP_ID] for a specific client from a specific AD OU to a Group outside of the AD structure.

Two things to note:

1) Symantec does not support directly editing the database unless instructed by them...

2) When you re-sync with AD, you will have two records for your client, one outside of AD that has the Green Dot, and one within AD that is essentially a blank place holder for the client that was created when the Sync with AD happens.

I would not reccomend this method for normal daily operations...only in very special circumstances.

-Mike

Thanks all for your help

I don't know why you would edit the database to accomplish this.  All you need to do i right click the client and choose "copy."  Then move the client to the group you want.  The computer will still appear as an object within the AD structure, but your client will actually move to whatever group you specifiy. 

Citali is right, you can just create your tree in SEPM, sync your AD under a seperate container, then copy systems from AD ou to SEPM containers, I have been doing that with hundreds of systems and not have a problem.

Dan

So if I understand this correctly I can import my AD structure, move clients to groups I created within SEPM, and then delete the imported OU SEPM groups.

It sure would be nice if the move client script could incorporate AD groups imported