
ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Hi

I have set up ePO 4.6.0 and initiated AD Synchronisation. All the server OUs show along with the servers except for the Domain Controllers OU.

Has anybody had this happen to them and if so, how is it resolved?

I have read through the epo_460_product_guide but have not found anything that points me in the right direction.

Cheers

Chris


masten

Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Could you provide a little more information about both the ePO sync setup and on which OU level you have set up the AD synchronization point? Preferably screenshots of the ePO sync setup page with your domain names and OU names obfuscated.

/Magnus

Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Hi Magnus

Thanks for the reply. Please find below screenshots of our setup. The DCs are under Root and the Servers OU is two levels below Root.

WP root.bmp

WP Sync3.bmp

WP Sync1.bmp

WP Sync2.bmp

Cheers

Chris

masten

Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Hi Chris

From the screenshots I can't spot any obvious configuration "errors". To further troubleshoot I would investigate the following:

1. Search for the DCs and make sure that they have not already been placed in the Lost&Found group (to avoid this, tick the box "Move systems from their current System tree location to the synchronized group")

2. Check that the account used for the AD sync has the right to read the "Domain Controllers" OU and the system objects in it

3. Set the sync point on the root level and tick the box "Exclude Empty Containers"; also make exceptions for other OUs that you don't want to synchronize

4. Check ePO logs for more clues, firstly the orion.log and EpoApSvr.log

/Magnus

on 1/17/12 10:03:51 AM CET
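One way to run the check from step 2 above, as an added example that is not part of the original post and uses nothing ePO-specific: it compares the computer objects the sync account can read in the Domain Controllers container with what the current admin session sees. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name `Compare-OuVisibility` is hypothetical.

```powershell
# Added example: compare what the ePO AD-sync account can read in the
# Domain Controllers container with what the current admin session sees.
# Assumes the ActiveDirectory module (RSAT); Compare-OuVisibility is a
# hypothetical helper name, not an ePO or Microsoft cmdlet.
Import-Module ActiveDirectory

function Compare-OuVisibility {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        [Parameter(Mandatory)] [pscredential] $SyncCredential
    )
    # Baseline: computer objects visible to the account running this script.
    $baseline = @(Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope Subtree |
        Select-Object -ExpandProperty DistinguishedName)

    # Same query, bound as the sync account.
    try {
        $asSync = @(Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope Subtree `
            -Credential $SyncCredential -ErrorAction Stop |
            Select-Object -ExpandProperty DistinguishedName)
    } catch {
        Write-Warning "Sync account cannot query ${SearchBase}: $($_.Exception.Message)"
        $asSync = @()
    }

    # Objects the admin sees but the sync account does not.
    $missing = @($baseline | Where-Object { $asSync -notcontains $_ })
    [pscustomobject]@{
        SearchBase     = $SearchBase
        VisibleToAdmin = $baseline.Count
        VisibleToSync  = $asSync.Count
        HiddenFromSync = $missing
    }
}

# The domain's own Domain Controllers container, so no DN is hard-coded.
$dcContainer = (Get-ADDomain).DomainControllersContainer
$cred = Get-Credential -Message 'Account configured for ePO AD synchronization'
Compare-OuVisibility -SearchBase $dcContainer -SyncCredential $cred | Format-List
```

An empty `HiddenFromSync` with matching counts means read permissions are not the cause and the group mapping in ePO is the next thing to look at.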

Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Hi Magnus

The user is an Enterprise Admin.

Couldn't find the orion.log but checked the EpoApSvr.log and all looks fine.

What I have found is the DCs are synching but not to their own named subgroup but to the subgroup I created under My Organisation.

The attached screenshot shows this; they are all there under System Name.

They are still manageable there, just would have liked them under their own subgroup name under AD Servers as are the other OUs.

Possibly as the Domain Controller OU is the root OU for the child objects it holds, it is not added as a subgroup under AD Servers. I say this because there are two servers under the AD Servers subgroup that are in the root of the Servers OU in AD and no Servers subgroup has been created under AD Servers. Make sense?

WP Sync4.bmp

Cheers

Chris

masten

Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Yes the sync is working as expected then.

One way to solve this is to skip syncing the "Domain Controllers" OU to your "AD Servers" ePO group. Create a new group either under "My Organization" or as a subgroup to the "AD Servers" group and set up the sync to the "Domain Controllers" OU on the newly created group. By doing this you will have your Domain Controllers synced to that group instead of the root of "AD Servers"

Ex.

- My Organization

          - AD Servers (ePO AD sync set up to the "Servers" OU)

          - Domain Controllers (ePO AD sync set up to the "Domain Controllers" OU)

          - Lost&Found

/Magnus


Re: ePo 4.6.0 - Domain Controller OU not synching in AD Sync


Hi Magnus

Spot on with the advice!! 

I had kept working at it and finally figured it out late yesterday. I realised the OU I was synching in AD takes the root as the subgroup name in ePo.

Thanks for all your help.

Now I just have to figure out why I get the following error when trying to install an Agent handler. But I will raise a separate call for that.

I assume now when I close this call as Correct Answer I will get the opportunity to award you the max points?

Cheers

Chris
