I created a discovery task to import new systems from my Active Directory automatically into my ePO directory. The first Active Directory Import Task worked fine. Every system has been imported into the right container.
But now newly added systems are not pushed into the right container but into the lost&found directory.
Here is a small example to show what I mean:
One system which has been imported through the active directory import task: _mydomain --> server --> terminalserver --> myterminalserver1
Now a newly added system imported by the discovery task: myterminalserver2 _mydomain --> lost&found --> server --> terminalserver --> myterminalserver2
Sorry, I forgot to say that I am using ePO Server 3.6, not 4.0.
I've read the knowledge base article. But I am not creating new groups, just new systems are added to the active directory. For instance I am installing a new terminalserver terminalserver2, which is a member of my domain and listed in my active directory under:
_mydomain --> server --> terminalserver --> myterminalserver1
When ePO Server does the discovery task I can find this new system in the ePO Directory under:
_mydomain --> lost&found --> server --> terminalserver --> myterminalserver2
The ePO Server already has this directory path _mydomain --> server --> terminalserver, because my first active directory import on the ePO server has created this path correctly. Even systems which existed in the active directory before the import are correctly in the ePO directory. So myterminalserver1 for instance is under _mydomain --> server --> terminalserver. But newly added systems are always displayed under lost&found.
I also have a similar problem with systems that I have moved within my active directory. For instance I moved a system Client1 from _mydomain --> locationA to _mydomain --> locationB. The ePO Server is not recognizing this movement. (I've read ePO4.0 can do this). So I thought I will just delete Client1 from the ePO directory and the next active directory discovery task will reinsert Client1 into the right path.
But the ePO server did the following after discovery: _mydomain --> lost&found --> locationB --> Client1
So I am having the same problem as with newly added systems.
No, I don't have any IP filters set. I just ran the active directory import wizard for three containers: client, memberserver, domaincontroller. Then I configured the discovery task. The mapping between active directory and ePO directory should be fine, cause I didn't change anything. For domain controller it is: ou=domain controllers,dc=mydomain,dc=com for instance.
It's by design in 3.6.1 (well, it depends where you mapped the site to):
Active Directory (AD) integration information: The AD integration feature in ePolicy Orchestrator (ePO) 3.6.x has 2 parts: Import (manual) and Discovery (scheduled task). The Import feature (Import Active Directory Computers option) places the computers in the corresponding location in ePO as they were in AD.
The Discovery feature (Active Directory Discovery Task) places new computers in the Lost & Found group of the corresponding mapped site, under a new sub-tree to indicate its location. The Active Directory Discovery Task adds newly discovered computers, but does not update computer entries that are already in the ePO directory. If an existing computer is moved in Active Directory, the corresponding entry in the ePO Directory tree will not be affected.
Why isn't that specified in the product guide? To my mind this should be mentioned in the product guide.
So, if the Discovery Task does not have the ability to import new systems from the active directory tree into the corresponding ePO directory tree, what are the best practices or workarounds to maintain an active directory with 2.000 systems?
Actually I am in the middle of a project. The ePO Server is already installed and also the active directory is running. At the beginning of 2008 we will start a roll out of about 2.000 systems. Therefore I am unhappy that the discovery task cannot put these new systems automatically into the right ePO directory tree.
Any recommendations how I can handle this?
By the way:
- Is ePO4.0 able to import new systems into the right tree?
- And is ePO4.0 also able to update computer entries, when they have been moved within the active directory?
I think I've read this somewhere on the McAfee website. So with ePO4.0 I wouldn't have those problems, right?
Be aware though, if you are considering 4.0, to check all your products are supported and that you can't yet use Rogue System Sensor till they update the software (may be as late as second quarter next year).