On CD2 under Tools\No Support\SylinkDrop there should be an executable called SylinkDrop.exe
This tool can be used to move a client from one SEPM to a different SEPM.
Here is how I have used it. Create a batch script with this in it
\\servername\sharename\SylinkDrop.exe -silent -p <YourPasswordToStopSEPService>
\\servername\sharename\Sylink.xml
The Sylink.xml file is on the destination server (where you want to move your endpoints to).
Where to find Sylink.xml:
On your SEPM go to
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent
You'll see a bunch of folders with some long cryptic looking number. Each one of these represents a group you have created within your SEPM. To find out which group corresponds with which folder you have to go into the folder and open up the LSProfile.xml file. On the 4th line down, it should tell you the group. So find the group to which you want to drop your clients into by looking at these files. Once found, within that same folder will be the Sylink.xml file that I'm referring to above when I mention
\\servername\sharename\Sylink.xml so just copy it to whatever you designate as that location.
What it will do is stop the SEP service, copy that Sylink.xml file over and then restart it up. Unfortunately, if you're thinking "well can't I just do those steps manually?" I have tried it and it did not work. There must be some "special stuff" that exe is doing that makes the magic happen.
Hope this helps.