Not such an odd scenario since I have the exact same situation. Legacy 3.6, progressive deployment to new 4.0 and dealing with obsolete AD objects.
I'd say the best approach, if at all possible, is to clean up AD first. Any system pulled out of AD will disappear from ePO 4.0 during replication, thus keeping your new ePO clean also. In my environment, I temporarily assume that anything not yet covered by 4.0 is either inactive or in 3.6. In 3.6, you can always create a report to show which systems connected recently and correlate that with unmanaged systems imported in your 4.0, then go after those by deploying the new 4.0 agent.
The challenge is in dealing with systems that are remote and only connect into your network through VPN like once a week or so... if you have any (I do).
Keeping ePO 3.6 clean of obsoletes and duplicates was a nightmare. This is much easier in 4.0. That's why we chose that switchover path instead of an in-place upgrade.
And to answer your 1st question, yes. If you push the 4.0 agent, the systems will then get their policies and updates from that new ePO.
Yeah, sounds like I'm in the same boat as you. I decided it best to start over with 4.0 on a different server also. I have like 150-some workstations I can't push the Agent to because they aren't connected to the local network. I know some of those are laptops, a good portion of which rarely VPN in. I think a bunch are just from AD accounts that should have been deleted long ago but never were. It'll just be something to battle through. Thanks for the input.