Wallace
Level 7
Message 1 of 6

AD sync not deleting systems

Howdy,

A search shows that this question has been asked before, but I did not find a solution to my issue.

Info:

ePO 5.10u3

Registered AD server used for sync

Sync'ing into "My Organization"

Sync type = Active Directory

"Systems only (as a flat list)" enabled. AD structure does not match System Tree.

Specific OU containers selected.

"Delete the systems from the System Tree" enabled.

"Remove McAfee Agent on next agent-server communication" disabled

Sync task enabled. Tried various times (once a day/twice a day/once an hour)

 

Issue:

When the sync task runs it pulls systems correctly, but it does not delete systems that have been deleted from AD ... unless that system is located specifically in "My Organization." It does not delete the system if it is located in any subgroup of "My Organization."

Is this the expected behavior? I feel like this should be deleting systems from subgroups as well.

5 Replies
Hem
McAfee Employee
Message 2 of 6

Re: AD sync not deleting systems

I tried on my ePO 5.10 with CU3/4 but can't reproduce it. Ideally it should delete from ePO also. I suggest opening a case with support.

Wallace
Level 7
Message 3 of 6

Re: AD sync not deleting systems

Unfortunately I have already opened a case on this. The response I got back was...

In your AD Sync Settings, select the "Delete the systems from the System Tree" option and select the "Remove McAfee Agent on next agent-server communication".

This would remove this from ePO permanently.  ePO will not automatically delete the system from the system tree if the agent is still on the computer.
This option can only work if you turn on the machine, and wait for the next ASCI cycle for this to go through.

 

I know that is not an accurate answer, since I have used this feature at other places.

 

 

Hem
McAfee Employee
Message 4 of 6

Re: AD sync not deleting systems

If the machine you would like to delete has MA present on it and is communicating, then after the AD sync task deletes the machine from the ePO server, the entry will be created again if the MA on the client machine communicates at ASCI.

 

Please look in the Audit Log and search for the machine which should be deleted. Do you see machine deleted/adding system, etc.?

cdinet
McAfee Employee
Message 5 of 6

Re: AD sync not deleting systems

What version of ePO, and what is your SR number? You can send it in a private message if you want.


Wallace
Level 7
Message 6 of 6

Re: AD sync not deleting systems

In reply to Hem. I'm positive these devices are not coming back online and having the agent check in. Last communication was before I opened the ticket.

Cdinet, I'll PM you that info.
