Endpoint Protection

  • 1.  Active directory attributes

    Posted Apr 20, 2018 12:32 PM

    I have a use case wherein I need to apply a policy to a specific user in Active Directory who will be part of a specific AD group. I synced AD with SEPM and can see the UPN of the user as the logon name in SEP. I use my samAccountName to log in to my desktop and it appears as a separate entry in SEPM. In my case the UPN is my email address, i.e. abc@xyz.com, and the samAccountName is different, i.e. ID123456. Is there a way I can have SEPM use samAccountName instead of UPN?


    Thanks.

    Qamar Vakil



  • 2.  RE: Active directory attributes

    Posted Apr 20, 2018 12:33 PM

    It should use whatever name logs into the endpoint.



  • 3.  RE: Active directory attributes

    Broadcom Employee
    Posted Apr 20, 2018 06:33 PM

    Hello Qamar,

    You will need to delete the existing client from the SEPM, and then log in to the client computer with the sAMAccountName, and then the SEPM should sync up user and computer.

    I was able to do this by doing the following on a Windows 2012 AD server.

    1) Used ADSI Edit to change the sAMAccountName attribute to 12345

    2) Update the schema cache

    3) On the SEPM, changed the SEP client to user mode and then deleted it

    4) Logged onto a client machine in format domain\username  i.e. bob\12345

    5) Once the client connected to the SEPM, my user 12345 shows a green dot in the OU that I imported. NOTE: for my testing I imported the default AD Users container

    Thanks,

    JonDkauf




  • 4.  RE: Active directory attributes

    Broadcom Employee
    Posted Apr 20, 2018 07:01 PM

    After further testing, I found that for existing clients that have already been registered, I had to change them to user mode, wait a few minutes and then delete them. Once I did this, and I logged into the client machines with the 12345 user account, the SEPM properly syncs and displays the correct username.
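Before deleting a client record as the two replies above describe, it is worth confirming that the UPN entry and the sAMAccountName entry SEPM shows really belong to the same AD account. The following PowerShell is an added example, not code from the thread or from Broadcom; it assumes the RSAT ActiveDirectory module is installed, and the names abc@xyz.com and xyz\ID123456 are constructed from the original question.

```powershell
# Added example: resolve a logon name as SEPM displays it (UPN form or
# DOMAIN\sAMAccountName form) back to the single AD object it belongs to.
# Assumes the RSAT ActiveDirectory module; sample names are constructed.
Import-Module ActiveDirectory

function Resolve-SepLogonName {
    param([Parameter(Mandatory)][string]$LogonName)

    # Escape single quotes so the value cannot break out of the LDAP-style filter.
    $safe = $LogonName -replace "'", "''"

    if ($LogonName -match '^[^@\\]+@[^@\\]+$') {
        # UPN form, e.g. abc@xyz.com
        $user = Get-ADUser -Filter "userPrincipalName -eq '$safe'" -Properties userPrincipalName
    } else {
        # DOMAIN\sAMAccountName or bare sAMAccountName, e.g. xyz\ID123456
        $sam = ($safe -split '\\')[-1]
        $user = Get-ADUser -Filter "sAMAccountName -eq '$sam'" -Properties userPrincipalName
    }
    if (-not $user) { throw "No AD account matches '$LogonName'" }

    [pscustomobject]@{
        Input             = $LogonName
        SamAccountName    = $user.SamAccountName
        UserPrincipalName = $user.UserPrincipalName
        ObjectGUID        = $user.ObjectGUID
    }
}

# Constructed sample: the two names the original post says show up as separate SEPM entries.
$byUpn = Resolve-SepLogonName 'abc@xyz.com'
$bySam = Resolve-SepLogonName 'xyz\ID123456'

if ($byUpn.ObjectGUID -eq $bySam.ObjectGUID) {
    "Both SEPM entries resolve to one account: $($byUpn.SamAccountName) / $($byUpn.UserPrincipalName)"
} else {
    "Different AD accounts; do not delete either SEPM entry as a duplicate"
}
```

Run it from a workstation or server with the AD module, as an account allowed to read user objects; the ObjectGUID comparison is what tells you the two SEPM entries are the same person rather than two accounts that happen to share a display name.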