We are seeing a problem on endpoints running 7.1.3 where sometimes when a user is deleted from AD, the same user is not removed from an encrypted endpoint. It will show as removed in EPO, but on the endpoint itself the user is not deactivated. This is causing trouble as we migrate to a new EPO server as the client when joined to the new EPO server attempts to look up those AD accounts via the new EPO server and there is no match since the user account has been delete from AD.
It would be good to be able to ensure a successful sync has taken place between the endpoint and the EPO server prior to migration to ensure that there are no users on the endpoint that are not present in EPO. Is there a way to force the client to sync user data with EPO? Is there a way for me to find the authorized users by looking at the client (on the client - not in EPO) The user list appreas correct in EPO but the client has a different out of date list.