jarndt
Level 8
Message 1 of 5

ePO 4.6 -> 5.3 and AD Sync question

Hello all,

We are about to start migrating machines from ePO 4.6 to ePO 5.3.  We currently do not have AD Sync enabled in 5.3 and I believe that enabling it would help to sort machines into their correct location in the System Tree.

If I enable AD Sync in ePO 5.3, will it automatically pull in those systems even if they're currently being controlled by the ePO 4.6 server?

Thanks,

Jamie

1 Solution

Accepted Solutions
Reliable Contributor andrep1
Message 4 of 5

Re: ePO 4.6 -> 5.3 and AD Sync question

On AD sync, it creates a system object in the system tree; it represents an unmanaged system. When an agent with a matching name communicates, the information will merge.
So if you sync but do not push the agent on sync, you will have your unmanaged systems on the new servers, but the managed systems will remain on the old server.

4 Replies
Reliable Contributor andrep1
Message 2 of 5

Re: ePO 4.6 -> 5.3 and AD Sync question

It will create a system entry in your system tree and will replicate the OU structure if you enable that.

To pull in the systems to the new ePO, use the Transfer Systems function from the old server to the new server. Much easier to track what is happening this way. Once you mark a device to transfer, it will transfer to new servers when it connects to ePO.

It takes minimal setup to do that.

jarndt
Level 8
Message 3 of 5

Re: ePO 4.6 -> 5.3 and AD Sync question

Thanks, Andre.

Can you explain what you meant by "create a system entry"?  Will a device end up being in both the 4.6 and 5.3 ePO servers? It would seem to me that would not be possible. I just want to make sure that if I enable AD synchronization, I don't want ePO to suck in a whole bunch of devices into 5.3 when I'm not ready to do that.  I want to re-create AD in the System Tree and move machines from 4.6 to 5.3 on my own time. When they get moved to 5.3, I want them to get automatically moved to the right spot as a result of AD sync.

I've already set up the ability to transfer systems from 4.6 to 5.3 and have transferred a handful of systems already.

jarndt
Level 8
Message 5 of 5

Re: ePO 4.6 -> 5.3 and AD Sync question

Got it. Thanks for the help, Andre!
