LDAP sync adding new systems but not removing old

We have a task which runs to sync with LDAP to bring in new systems.

This works in that it brings in the new systems, however anything we delete in AD doesn't then automatically delete on ePO.

I know there is an automatic task (disabled by default) to delete systems whose agents haven't communicated in x days, however I thought the point of doing the LDAP sync would be to import new machines and delete old?

Am I assuming something which isn't designed to work like this?

If we use the rule to delete machines whose agents haven't talked back in x days, and then the LDAP sync runs and sees these new machines, will ePO automatically add them again?

Thanks

1 Solution

Accepted Solutions

Re: LDAP sync adding new systems but not removing old

Hi cowoflove,

Find your synchronization level for the system tree (if the whole system tree is synced this will be My Organisation level of the System Tree).

System Tree > Group Details tab: look at the Synchronization type by clicking Edit.

Towards the bottom of your LDAP Synchronization settings you will find:

Set the 'Delete the systems from the System Tree' setting for when Systems are deleted from the synchronization point (Active Directory).

Kind regards,

George

5 Replies

Re: LDAP sync adding new systems but not removing old

Hi George

Thanks for the response.

I've just checked these settings and it turns out that it's already enabled, so not sure why it's not working 100%.

Re: LDAP sync adding new systems but not removing old

Hi cowoflove,

That makes it a bit more intriguing...

Out of interest how often are you synchronizing/what's the schedule on the server task for AD sync?

Obviously systems will only be removed from the system tree once a system is removed from AD and this synchronization task runs.

Thanks,

George

Re: LDAP sync adding new systems but not removing old

We do a sync twice a day, once in the morning and the other in the afternoon.

I've logged a ticket with support but still to hear back 😕

Re: LDAP sync adding new systems but not removing old

Hi, did your problem get solved?
