Endpoint Protection

Hello,

We are running RU6 MP1 synced to an AD domain. We recently started deploying Mac clients and the installer package I created pointed to a SEPM Group above (not within) our AD. Sometimes when the installer is run, the Mac client goes to the "right" group (outside of AD) and stays there...but then sometimes the Mac client will drop down into it's "normal" location within AD.

So my questions are:

1) Am I correct in remembering that ONLY clients within the "Default Group" will Sync down into AD? The other groups outside of AD won't.

2) If the question above is correct, then what might cause a Mac client who is sitting in a custom group outside of AD...to suddenly drop down into AD after a sync.

Bottomline...I want to Sync with AD, but I also want to maintain some machines in groups on the SEPM that are outside of AD that have their own custom policies.

Thanks for any thoughts...

-Mike

If you sync with AD, then the clients would be listed in their corresponding AD group  in SEPM.

You could  not  have a client listed in AD be in a custom group in SEPM...whenever you would sync with AD, the structure in SEPM would be the same , as your AD.

fall under any of these 

http://www.symantec.com/business/support/index?page=content&id=TECH92456&locale=en_US

If I understand you correctly...if I created a group on the SEPM called "Macs" that was not within AD (it was above it) and I moved machines into that group by way of a custom installer...your saying that those machines would sync down into the AD structure and move out of my custom group?

After AD Sync all the clients should fall in right Container..

It is not possible to move AD client outside AD group. For that you will have to create new OU and move client in AD and the client will move to new OU in SEPM.

Thanks Vikram for clarifying...I've been running under the impression that only the "Default Group" synced with AD, and that the other custom groups did not.

Thanks to all for the speedy information!

That's correct!