Endpoint Protection

 View Only

  • 1.  SEPM Groups and AD Sync

    Posted Mar 06, 2010 11:07 PM
    I have my SEPM synched with AD

    I have a bunch of PCs sitting in the Default Group in SEPM. I take this to mean that they are not in an AD group that is synched with SEPM. If I go and look at those PCs in AD, they appear to be in the correct AD group that IS synched with SEPM. I'm not sure what is causing this. Even if they weren't in the correct AD group to begin with then moved, shouldn't they still move to the correct SEPM group? How would I get these PCs in the correct group in SEPM without doing a Sylink drop? When I right click the PC and select move in SEPM, I get an error that says it can't be moved.

    Can use the "Block New Clients" option? If I do then where do the clients go?



  • 2.  RE: SEPM Groups and AD Sync

    Posted Mar 07, 2010 09:22 AM
    First try running Sync Now. ( In SEPM - Clients -right click on the AD group in which those clients are present and click "Sync Now"
    .if that doesn't work then
    Delete add/ groups from SEPM and then ADD it again all clients will fall in right group

     


  • 3.  RE: SEPM Groups and AD Sync

    Posted Mar 07, 2010 09:28 AM
    I did try Sync Now but that did not work

    So your saying if the PC is sitting in "Group X" in AD but sitting in Default Group in SEPM, I would just need to delete "'Group X" in SEPM and re-add, then  the PC would be showing up in Group X in SEPM as it should?


  • 4.  RE: SEPM Groups and AD Sync

    Posted Mar 07, 2010 09:39 AM
    Well..
    you can try this before deleting and re-importing OU

    1. Make sure your SEP sync is disabled for the time being.
    2. Move the problem workstation in AD to a group that is not sync'ing with SEP.
    3. Manually sync the SEP group where the workstation should belong.
    4. Run this command in your browser on the SEPM server:http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanClients  This will automatically remove the duplicate clients.
    5. Move the problem workstation in AD back to the group where it should be.
    6. Re-enable sync'ing in the SEPM.
     


  • 5.  RE: SEPM Groups and AD Sync

    Posted Mar 08, 2010 08:01 AM
    Is there any ramifications or things I need to watch out for if I break the sync and then re-sync after I move the PCs?



  • 6.  RE: SEPM Groups and AD Sync

    Posted Mar 08, 2010 08:30 AM
    Once you  break the sync , the clients will move back to default group and once you re sync the clients will  move back to AD group.
    Keep a watch on the Policy.