cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

Change from System tree to AD Sync

Good Morning 

We are about to change how EPO is configured in the organization.

The old Admin created a system tree and system i believe are manually added but i would like to change this to fully integrate AD. 

What would be the best practice without caucing any issue. Once i set the AD sync what happens to the endpoint already in the system tree? will they be deleted and i will see them in the AD structure? Will i need to recreate all the policies ? Any advice you can think of is appreciated 

Kind regards 

VMM

3 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Change from System tree to AD Sync

It may or may not delete systems, depending on if you have outdated systems in epo or not.  This is going to take a lot of preperation and steps to get things assigned properly.  You won't have to recreate any policies or tasks, but you will need to reassign them.

There are steps you would need to take to ensure systems don't get the wrong policies.

1. Make note of all policy and task assignments in the system tree and any broken inheritance to see what systems may not have same policies/tasks as other systems.

2. Turn off epo server service only on epo server and any agent handlers to prevent systems from checking in and getting wrong policies.

3. Run the sync, then ensure the system tree is as you expect.

4. Reassign policies and tasks

5. Validate all is as you want it to be for assignments before turning back on apache services.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: Change from System tree to AD Sync

Hi 

Thansk for your reply.

My Last questions are 

Once i sync with AD Would be wise to create brand new policy and then delete the old one that apply to the system three ?

The default policy will still be there 

Can we delete the system tree after the sync?

The container windows is where we specify the AD container to sync 

the exclusion the container we need to exclude 

would be better to force the installation of the agent ?

 

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Change from System tree to AD Sync

If your policies are valid, you should just need to assign them, it would not be fruitful to have to recreate them all. 

Yes, after sync you can delete the portions of the system tree you no longer want.

There is no need to reinstall the agent if they are already talking to epo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community