We are about to change how EPO is configured in the organization.
The old Admin created a system tree and system i believe are manually added but i would like to change this to fully integrate AD.
What would be the best practice without caucing any issue. Once i set the AD sync what happens to the endpoint already in the system tree? will they be deleted and i will see them in the AD structure? Will i need to recreate all the policies ? Any advice you can think of is appreciated
It may or may not delete systems, depending on if you have outdated systems in epo or not. This is going to take a lot of preperation and steps to get things assigned properly. You won't have to recreate any policies or tasks, but you will need to reassign them.
There are steps you would need to take to ensure systems don't get the wrong policies.
1. Make note of all policy and task assignments in the system tree and any broken inheritance to see what systems may not have same policies/tasks as other systems.
2. Turn off epo server service only on epo server and any agent handlers to prevent systems from checking in and getting wrong policies.
3. Run the sync, then ensure the system tree is as you expect.
4. Reassign policies and tasks
5. Validate all is as you want it to be for assignments before turning back on apache services.
Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.