cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
vmm
Level 7
Report Inappropriate Content
Message 1 of 4

Change from System tree to AD Sync

Good Morning 

We are about to change how EPO is configured in the organization.

The old Admin created a system tree and system i believe are manually added but i would like to change this to fully integrate AD. 

What would be the best practice without caucing any issue. Once i set the AD sync what happens to the endpoint already in the system tree? will they be deleted and i will see them in the AD structure? Will i need to recreate all the policies ? Any advice you can think of is appreciated 

Kind regards 

VMM

3 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Change from System tree to AD Sync

It may or may not delete systems, depending on if you have outdated systems in epo or not.  This is going to take a lot of preperation and steps to get things assigned properly.  You won't have to recreate any policies or tasks, but you will need to reassign them.

There are steps you would need to take to ensure systems don't get the wrong policies.

1. Make note of all policy and task assignments in the system tree and any broken inheritance to see what systems may not have same policies/tasks as other systems.

2. Turn off epo server service only on epo server and any agent handlers to prevent systems from checking in and getting wrong policies.

3. Run the sync, then ensure the system tree is as you expect.

4. Reassign policies and tasks

5. Validate all is as you want it to be for assignments before turning back on apache services.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

vmm
Level 7
Report Inappropriate Content
Message 3 of 4

Re: Change from System tree to AD Sync

Hi 

Thansk for your reply.

My Last questions are 

Once i sync with AD Would be wise to create brand new policy and then delete the old one that apply to the system three ?

The default policy will still be there 

Can we delete the system tree after the sync?

The container windows is where we specify the AD container to sync 

the exclusion the container we need to exclude 

would be better to force the installation of the agent ?

 

 

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Change from System tree to AD Sync

If your policies are valid, you should just need to assign them, it would not be fruitful to have to recreate them all. 

Yes, after sync you can delete the portions of the system tree you no longer want.

There is no need to reinstall the agent if they are already talking to epo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.