cancel
Showing results for 
Search instead for 
Did you mean: 

Active Directory Synch Question

Jump to solution

We are making the move to AD synch, and I was wondering about manual group setup. Currently, our system tree is configured to sort by IP address. We have groups set up based on the office location, and underneath these, are desktop/laptop groups, which is the same as our AD structure. I'm making the mapping points at the office level, and setting it to be the same as the AD structure. Here's my problem - under some of our groups, I have extra groups created, such as a group that has special policies for certain computers, and a Test group, where I move computers to test software installations. These special groups are not in our AD structure, so when the synch takes place, they will be deleted in ePO. How do I keep the AD structure, and still be able to create these special groups, without them being deleted at each synch?

1 Solution

Accepted Solutions
Highlighted

Re: Active Directory Synch Question

Jump to solution

Great question/thinking....

If those computers are mixed around in AD, you have a challenge.  You could (with epo 4.5) get fancy with tagging and different policies, I'm about to play with that a little bit.  Otherwise, you would need those computers in a different ad container then sync them back in that way in epo.  I guess the standard way that i should mention is to just note those individual computers and create different policies for them, then break inheritance for them and give them a test or special policy.  so, 3 options -1- different policies for each, -2- move computers in ad and have that policy correspond to policy in an epo container -3- epo 4.5 tagging a computer, use a query to set policies on that tag.

Have fun....

2 Replies
Highlighted

Re: Active Directory Synch Question

Jump to solution

Great question/thinking....

If those computers are mixed around in AD, you have a challenge.  You could (with epo 4.5) get fancy with tagging and different policies, I'm about to play with that a little bit.  Otherwise, you would need those computers in a different ad container then sync them back in that way in epo.  I guess the standard way that i should mention is to just note those individual computers and create different policies for them, then break inheritance for them and give them a test or special policy.  so, 3 options -1- different policies for each, -2- move computers in ad and have that policy correspond to policy in an epo container -3- epo 4.5 tagging a computer, use a query to set policies on that tag.

Have fun....

Re: Active Directory Synch Question

Jump to solution

Thanks for the response. I've been talking to one of the server admins, and we've agreed that, since there aren't that many special groups needed, we'll create them in AD to keep the structure the same. Looks like that will work best for our setup.

Thanks again!

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community