
Moving workstation in AD = missing users in EEPC

I am hoping there is a way around this... I'm using EE 6.0.2 and if in AD I move an encrypted PC to another OU (user switches departments, etc.) and sync my AD, the next time pre-boot is presented on that PC, that user cannot log in. I get an unknown user message. If I check the PC in EPO, the encryption user list for the PC is blank.

I do not have the 'Add local domain users' option checked in the policies. Not sure if this is the solution or if there is another way to stop the users from being removed, in effect causing the user to have to re-enter their security questions, etc.

Message was edited by: Jack Siergiej on 12/3/10 2:27:33 PM CST

Re: Moving workstation in AD = missing users in EEPC

I've had a number of issues with machine accounts dropping users, with unfortunately little progress in resolving other than to not sync with AD. Selecting the option you mention should resolve the issue, but I recall that doing so and adding users manually causes issues as well. Unless McAfee has a solution, this is a significant issue with this product.

Re: Moving workstation in AD = missing users in EEPC

Unfortunately, selecting the "Add Local Domain Users" does not resolve the issues. Yes, it puts the users back, but not after removing them following the AD sync. The fact that it's a "re-add" of the users causes them to have to put in the default password again and redo their security questions.

I will be calling in on this on Monday.  This is just another one to add to the ever growing list.

Message was edited by: Jack Siergiej on 12/6/10 7:30:48 AM CST

Re: Moving workstation in AD = missing users in EEPC

Any updates, Jack? Unfortunately I was never able to make any progress on this issue other than to stop syncing AD, which I don't plan to do forever but can't much help right now. If you're able to discover anything I'd be most interested to hear about it.

Re: Moving workstation in AD = missing users in EEPC

Going through McAfee support now.  I actually have a Tier III rep assigned to me due to all the issues I have found with the software that have ended up going to Tier III.  I just got off the phone with my account rep and this one is getting escalated as well.

I initially got a response from the Tier I tech stating that he discussed the matter with Tier II and they said it was "Normal" operation that after a machine is moved in AD, the sync deletes the machine from the old location and re-adds it to the new location in EPO.  This, as you know, removes the encryption users and causes login issues.  He said they were looking at changing it in EPO 4.6, but who knows when that will be released.

I told him that this behavior is not normal and should not be seen as such. It is a major issue that needs to be escalated to Tier III for a patch since the AD sync is basically useless when combined with EEPC and can cause some real problems if a number of PCs are moved around. So we will see where this goes, because I do not plan on stopping the sync and manually creating machines in EPO and AD. That's just unacceptable.

Message was edited by: Jack Siergiej on 12/7/10 9:00:01 AM CST

Re: Moving workstation in AD = missing users in EEPC

Can someone confirm if this was resolved in version EEPC 6.1 or EPO 4.6?

Re: Moving workstation in AD = missing users in EEPC

Here is the rundown:

The initial problem of moving the computer in AD and not deleting the users was addressed and resolved (somewhat) in EPO 4.6. However, the issue was not completely fixed. If you move a computer "up" in the AD tree, nothing happens (which is great), but if you move the computer down in the tree, the computer is deleted / re-added and users are removed. So, machines moving from a lower point to a higher point are not affected, but vice versa the users are still deleted.

I got this response from McAfee just this past Monday (8/08/2011):

"Currently engineering is creating working on a fix for this issue. We are expecting a fix to make it into ePO 4.6 Patch 2. But if those timelines change we will let you know."


The suggested workaround is to change the setting "Delete the systems from the System Tree" to "Leave the systems in their current location in the System Tree". This will prevent the machine from being deleted and will move the system to its new location. Note: Systems that have been removed from AD will not be removed from the System Tree unless a cleanup task is run.
