Here is the scenario: ePO 4.6 is configured to do a 1-to-1 sync in several locations within AD there are various clustered systems (System A=A, System B=B and ClusterName=CL). During a sync all 3 names are pulled into ePO and Systems A and B have an Agent and VSE installed, but the Cluster Name shows as unmanaged.
How are others handling this issue?
Hi sdelvecchio, as McAfee Agent is not cluster aware then you'll have to install it on each node of your cluster and will be managed as different machines. The problem is that you have an objet in your AD with the cluster name that does not correspond to a real computer and you won't be able to manage it (but you'll be able to manage its nodes)
I've had the same problem with a customer who couldn't move the cluster name to a different OU so we decided to tag it (for example with the "unmanaged" tag we created and applied manually) and move it to an "unmanaged computers" group in the epo tree. This tag won't be erased or overwriteen so don't worry about it.
That's what we do now, tag it as Cluster. Can I still move the machine to another ePO tree location if it's doing a 1-to-1 synce with AD or will it get moved back to it's synced AD location upon the next sync?
I was concerned that I would have to go to a flat file import/sync instead of a 1-to-1.
Tnis depends on how AD sync was set-up on your ePO. If you told to move computers from their location to the synced folder then your cluster will always move back to its original container
You could maintain a list of the cluster aliases in a text file and delete them in a server task (Load Systems by files -> Delete Systems) which is scheduled right after the AD Sync. This is the way we get rid of the *ix, NAS, cluster alias and other systems which will never ever get a McAfee installed. In fact you could export the AD into a textfile or DB and generate this list of systems automated.