We are about to change how EPO is configured in the organization.
The old admin created a system tree, and systems, I believe, are manually added, but I would like to change this to fully integrate AD.
What would be the best practice without causing any issue? Once I set the AD sync, what happens to the endpoints already in the system tree? Will they be deleted, and will I see them in the AD structure? Will I need to recreate all the policies? Any advice you can think of is appreciated.
It may or may not delete systems, depending on if you have outdated systems in epo or not. This is going to take a lot of preparation and steps to get things assigned properly. You won't have to recreate any policies or tasks, but you will need to reassign them.
There are steps you would need to take to ensure systems don't get the wrong policies.
1. Make note of all policy and task assignments in the system tree and any broken inheritance to see what systems may not have the same policies/tasks as other systems.
2. Turn off epo server service only on epo server and any agent handlers to prevent systems from checking in and getting wrong policies.
3. Run the sync, then ensure the system tree is as you expect.
4. Reassign policies and tasks
5. Validate all is as you want it to be for assignments before turning back on apache services.
Thanks for your reply.
My last questions are:
Once I sync with AD, would it be wise to create a brand new policy and then delete the old one that applies to the system tree?
The default policy will still be there
Can we delete the system tree after the sync?
The container windows is where we specify the AD container to sync
the exclusion the container we need to exclude
Would it be better to force the installation of the agent?
If your policies are valid, you should just need to assign them; it would not be fruitful to have to recreate them all.
Yes, after sync you can delete the portions of the system tree you no longer want.
There is no need to reinstall the agent if they are already talking to epo.