Video Screencast Help

LDAP OU and normal group SEP installation

Created: 07 Mar 2013 • Updated: 08 Mar 2013 | 10 comments
This issue has been solved. See solution.

We synchronize clients into SEPM from LDAP OU group like below structure


We don't want to export package from individual OU group, but want to use one common installation package to manually install on these SEP clients(deployment failed due to network issue).Then we manually created a group "Unassigned" , create installation package(computer mode) from this group, and install on all SEP clients.
My questions is ,for computerAAA, will this client be added into "Unassigned" group, or it will be identified as the same account under LDAP OU CityA.
If it will be added into Unassigned group, then what is the status of the computer account in CityA OU?

Operating Systems:

Comments 10 CommentsJump to latest comment

SMLatCST's picture

If the computer exists within an OU being synchronised, it will drop into the OU linked group on install.

Also, in this instance, you might be better off leaving the "Include policies" and "Automantically assign to group" options of the client export unticked (just make sure it is managed).

When the client checks in after install, it will connect to the computer record in the OU linked group, when that happens, it will pull down the relevant policies for that group

Rafeeq's picture

If you are importing OU from AD. You wont be able to move clients from Unassigned group to AD imported ou in sepm. the option to move will be grayed out.

Once installed the client will report to the unassigned client group. Based on your AD sync settings (sepm-server )settings it will fall back to the respected OU

SymQNA's picture


Where to find the "Include policies" and "Automantically assign to group" option you mentioned?

Do you mean the option "Remove all previous logs and policies, an reset the client-server communications settings "

pete_4u2002's picture

I believe the process is being talked about while exporting the package not to include the policy.

SymQNA's picture

Hi pete_4u2002

I just have a test, even I did not uncheck the option SMLatCST and pete_4u2002 mentioned, the client still can be drop into related OU ,like SMLatCST expected. Is there any log for my reference to check if this client is joined into Unassigned group first and then move to related OU group? Thanks

Rafeeq's picture

You can give this report a try 

go to Monitors, choose Logs, then choose System for the 'Log type' dropdown and Server Activity for the 'Log content' dropdown.

SMLatCST's picture

Generally speaking, an unknown client with no "Preferred Group" in its Sylink.xml file will drop into the "Default Group" by default.  After it has been linked to the computer account imported from AD it will then move into the OU Linked group.

This switching normally happens very quickly as it's all server side processing, and should complete before the client has even downloaded the policies for the "Default Group".

SMLatCST's picture

Just to follow up though, please see the screenie attached for the options I was talking about.  Checking these is unnecessary as the SEPM already knows about the client through the OU Linked groups.

Leaving these unchecked also (marginally) reduces the size of the install package smiley

Rafeeq's picture

I dont think you will be able to export with those options unchecked. It will ask you need to select atleast one for policy..can you confirm?