    AD Sync - Deleting Systems and Removal from ePO

      We are in the process of setting up our ePO 4.5 server and we have the following layout:


      My Organisation

          ~Repository Points

                Repository 1 (

                Repository 2 (

                Repository 3 (

          AD Sync

                Sync Point (Syncs with Top Level AD)


                Domain Controllers

                Member Servers




      We have the AD Sync set up with the following:

           Synchronize -- Systems Only (Flat List)

           Systems that exist elsewhere in the System Tree -- If systems exist in the tree leave where they are

           When systems are deleted from the synchronization point -- Delete the systems from the System Tree


      We have set up the Repository points to sort using the subnets above, and should a user travel to another site they will sync to the applicable repository based on their location.

      What we have found is that if a machine is removed from Active Directory, the applicable machine will only be removed from ePO if it is still listed under the "Sync Point" subgroup.


      Is this intended behaviour? I would have thought that once it was removed from the sync point it would remove it from the System Tree no matter where it is?

      If this is what should be expected can anyone suggest a way around this?


          This behavior is by design. The AD Sync task will only remove machines that currently exist in the AD Sync group if set up in the way you described above. The simplest workaround I can think of would be to mirror your AD structure inside ePO. Otherwise you can use the "inactive agent" report to identify stale entries in the ePO system tree and take the appropriate action. You could, for example, automate the "inactive agents" report and set the action to move the machines back into the AD Sync group. Then the next time your AD Sync task runs, if the machine is not in your AD it should delete it. Keep in mind that the "inactive agents" report will list machines that have communicated with the ePO server successfully at least one time. To catch machines that have never communicated you would have to use the "unmanaged systems" report.

            I have another question on this topic.

            Let's say I mapped an OU in AD to Group A (flat list), then I create a subgroup under Group A (let's call this SubGroup A), and moved some machines into this subgroup. So, when Machine B is deleted from AD, with Machine B located in Group A>SubGroup A in ePO, will it be deleted as well?

            Any advice on this?