Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

System Tree Sorting - Systems disappear or move to L&F

I do not have any sorting criteria set.

I pull in 4 or 5 OUs from AD and I have it set to "Delete Empty Groups" on the sync properties. One OU is "Domain Controllers". As such, I have to manually create a "Domain Controllers" subgroup in the system tree so they are not dumped in the Top level. Ok, I can handle that. I have an on-demand scan task linked on that subgroup I created.

Well, on every AD sync, that subgroup is deleted and the systems are moved to L&F, tags deleted, etc. If I create sorting criteria for the "Domain Controllers" subgroup, it has no effect. I leave "Domain Controllers" at the bottom of the sorting criteria list. Will moving that up help?

If I set the Sync properties to NOT delete empty groups, the DCs are not even pulled into the System Tree. Sometimes one of them will come in, but usually none. I have 2 domains set up and all this happens to both so I must be misunderstanding something.

I have not changed any default sorting method in Menu->Configuration->Server Settings

3 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: System Tree Sorting - Systems disappear or move to L&F

If you are using AD sync than both system and the structure are updated in the system tree to reflect the systems and structure of the Active Directory.
Configure the synchronization settings on each group that is a mapping point in the System Tree.
At the same location, you can configure whether to:
• Deploy agents to discovered systems.
• Delete systems from the System Tree when they are deleted from Active Directory.
• Allow or disallow duplicate entries of systems that exist elsewhere in the System Tree.

So I think you didn't exclude the AD container from the synchronization. These containers and their systems are ignored during synchronization.

I'll suggest to use only System only synchronization. not System and Structure.

You can also use sorting based on IPs and tag (need to create under tag catalog). and enable system tree shorting so automatically all systems will move into right group dueing Agent to server communication.

Re: System Tree Sorting - Systems disappear or move to L&F

Hi jmsuper 

We sync about 6 domains and sync the structure and systems and exclude Empty containers, with move systems into their correct location in the system tree so the AD structure always wins. 

Could you detail the systems in you system tree branch sync point please and we could help with your config. 



Volunteer Moderator 

Certified McAfee Product Specialist - ePO

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 4

Re: System Tree Sorting - Systems disappear or move to L&F

I'm trying to avoid too much integration if I can help it (i.e. sorting based on subnet/ip) just because I feel it can get a bit messy in our environment. I did try just sorting DCs on tag, but the tags were erased and they were moved to L&F so it seems like something else is going first.

Both domains (they are not root domains, if that matters) are set up like this - Container names slightly different but result is the same - DCs moved to L&F. Also, for some reason, I could not just import OU=x,DC=x,DC=DOMAIN,DC=COM.

Import Systems and Container Structure

Leave systems in their current System Tree




OU=Domain Controllers,DC=x,DC=DOMAIN,DC=COM



Excluding Empty groups (systems had been semi-randomly coming into EPO at all with this unchecked - along with a bunch of the AD structure I dont care about)

Delete System from System Tree on removal from sync point

Maybe the best idea is to just import flat list of machines, but I would prefer to go off of AD structure if I can help it. Less maintenance for me long term.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community