2 Replies Latest reply on Feb 9, 2011 5:15 AM by psm-av

    EEPC - Disabled User - AD Sync



           Here is my situation:


      We are using ePO 4.5 and EEPC 6 - Using SSO(Single Sign On)


      I have disabled one of the accounts on AD then Resync LDAP on ePO and Updated the policy on the machine, Machine already had Framework and EEPC installed and was working fine.


      After a reboot EE didn’t allow that account to login, which is Great that i was aspecting.


      After that I ran a recovery on the machine, logged in as administrator.


      So i have now re-enabled that account on AD, Sync LDAP on ePO and updated agent on the machine – rebooted but EE still think that account is disabled and refuse to accept that account.



      Could anyone tell me at what point does ePO realises that Account has been re-enabled and how can I filter that through to Machine?



      Thanks in advance for your time.



        • 1. Re: EEPC - Disabled User - AD Sync



          The Changes made on the AD are not synced with the epo server instantly, epo server uses the LDAP /SYNC task to sync the AD user details with epo, so even if you make changes on the AD it wont reflect unless the LDAP/SYNC task has been executed on the epo server and then the agent communication with the epo server on the endpoint, unfortunately the minimum time frame allowed by Mcafee to run this task is on hourly basis so you would either have to wait for the next run or will have to go and manually run the task.


          I hope this information would help you.




          • 2. Re: EEPC - Disabled User - AD Sync

            Thanks Pawar,

                 thats what i have tried so far,


            after enabling the account on AD i have


            • Manually Ran the Sync LDAP task on ePO
            • then updated agent on the machine

            but machine still refusing to accept that account and EEPC gives an error stating that this is a disabled user.