Hi smcnetserv !
Firstly I would recommend you to upgrade to ePO 4.5 Patch 3, if you had not done this already. About your questions - everything depends of your settings. I'll try to answer you.
1. When I do "Move systems from their current System Tree location to the synchronized group", will they move from their current ePO group to the corrent AD OU that they belong to?
Yes, all of your systems will move to to correct AD OU that they belong. It actually depends of your settings. If you will chose to sync all AD structure (root element) the same structure will be created in system tree and all systems will be moved to correct OU. However if you will select only some AD structure, systems which are not part of this OUs will stay in their current system tree location.
2. What will happen to the existing policy links for ePO groups, sub-groups, and systems?
Unfortunately, you will have to recreate policy links due to the fact that this will be the shole new system tree structure. Your old policy will be unchanged, however they won't be in use. All groups, sub-groups and systems will inherit default McAfee ePO policy for all products installed.
3. What will happen to the current ePO group & sub-group structure? Will they get wiped out and replaced with my AD structure?
No your old structure will not be deleted or wiped out. You will find inthere old systems which would not sync with AD (if you will not choose all AD OU with systems) into new structure, otherwise your strutcure will becom empty and stay in the same location - probbaly in "My Organization".
Any general suggestions and best practices for AD sync are definitely welcome and appreciated!
Test systems are definetly the best solution where you could test and try differene options and settings however I also didn't have one and had to do it online. Try with only one AD OU containter with some test systems in it. Otherwise i wish you goog luck in worst scenario you will sync all systems which you will have to manually move to correct groups or containter Depends on your AD structure compared to ePO system tree structure you could also sync only systems flat elements with no AD OU strucutre.
Hope that helps,
I went up to My Organization, Edited the AD sync options to only sync one of the nested OUs, selected "Delete systems if deleted form sync point..." and it wiped out my whole existing ePO group structure! In adiition, it uninstalled the agents from the systems that were already in the manually-created ePO groups and sub-groups. Wait, there is more... it did NOT mirror my AD structure underneath My Organization, it just imported the system into the root of My Organization folder. A word of caution for anyone trying to do this... Backup and test. Hopefully this is a bug in ePO, and if it is they better fix it sooner than later.
You set the mapping point on myorg of course it's gonna wipe out the existing tree. create groups under my org and set the mapping point from there.
Didn't know it was the case, because the Gold Support Engineer told me it was OK to do it the way I did... and that the existing tree would be preserved. I guess Community is a more reliable source since these are the people that actully DO IT!. Thanks.