I'm working with SEPM and I was planning to use both imported OU groups and my own SEPM groups. I have a question about some behavior I noticed.
1. I install SEP11 on an unmaged client which is part of my windows domain
2. I import the OU which this computer is a member of. I can verify in SEPM this computer has been imported (along with all the other ones in that OU)
3. I export the communication settings for the OU group in SEPM and import them into the now managed SEP client
4. Going to SEPM I copy the computer from the AD OU group to another SEPM group called testgroup which I have created. So now the client is in two groups, my OU group and this other testgroup. And it has that green I'm connected dot in both of them.
5. I verify that the policy attached to testgroup, not the OU one, is being applied to the client PC.
6. Now I move the PC into a different OU in AD.
7. I import that other AD OU into SEPM- which the computer I have been working with was just moved to.
8. Now I see the client in the newly imported OU group in SEMP, but its not "green". It is still green in the testgroup.
9. Now if I try to move the computer from testgroup to the new OU group I get an error message saying this cannot be done.
10. Now I delete the client from testgroup. It returns back to the first OU group I imported! The computer account is not in this OU in AD, but I can't delete it from the imported OU group in SEPM because you can't modify imported OU groups.
My question is how does one usually use OU groups and SEPM groups in tandem without getting everything confused. When I copied the computer from the imported OU group to my testgroup shouldn't it have had the green dot removed from it in the OU group? I'm thinking of problems in the future if I copy a computer in an imported OU group into a different group and get confused seeing it has a green dot in both groups- if I see it green in an OU group I'll still have to check and make sure it isn't in another group too, to be sure the right policy is getting applied.