I have a group 'Import from AD' and an other group with ''Production Systems'.
On the import from AD group i have active directory synchronisation scheduled. But when i remove a system from the active directory, the system isn't removed from the group ''Production Systems'
When i leave the system in de group Import from AD, the system is deleted from the group.
So do i have a wrong synchronisation configuration? Or maybe is my issue the same as article:
I use Orchestrator 5.0 build 1160 on Windows 2008 R2 SP1
Make sure that the option ''Delete the systems from the System Tree" in the sync setting,
As Hem suggested above option is already selected and if still it is not deleting system from the system tree it seem like the issue is related to article
KB78932 as you have mentioned. Because as per the configuaration ADSync task should delete those machines which are not present in the AD OU. So you can refer the same article and apply the workaround to delete those machines manually from the system tree or you can apply patch 1 for ePO 5.0.
Please refer article : https://kc.mcafee.com/corporate/index?page=content&id=KB78214
Issue: The System Description is updated by AD Sync tasks and then overwritten at the next agent to server communication with local computer descriptions.
Resolution: This issue is not listed in the Resolved Issues section for the ePO 5.0.1 Release Notes. However, it is resolved in ePO 5.0.1.
5.0.1 is patch1 for ePO 5.0 which is available for download. ePO 5.1.0 is in Beta release.Message was edited by: hem on 13/8/13 3:40:49 PM IST
Hang on - can you explain in a bit more detail what's happening? From what you describe I think this is normal...
The AD sync only applies to the group(s) where the synchronisation is defined - so if I have a group called A with a sync point defined, and I move a machine from group A to group B and then delete it from AD, it will *not* be deleted from group B.
You are right, the ADSync only applies to the groups where the synchronisation is defined so if you have a group called "A" which is a sync point defined and you move some machines from group "A" to group "B" . It means the machines has moved from group "A" to grop "B" and those machines are not present currently in group "A" but you have defined group "A" as synchronisation point, so whenever ADSync task runs it should resconstruct the system tree according AD and whichever machines are deleted or moved from the group "A" those machines should not be present in ePO system tree under goup "A".