Could you provide a little more information about both the ePO sync setup and on which OU level you have set up the AD synchronization point. Preferably screenshots of the ePO sync setup page with your domain names and OU names obfuscated
From the screenshots I can't spot any obvious configuration "errors". To further troubleshoot I would investigate the following:
1. Search for the DC's and make sure that they not already has been placed in the Lost&Found group (to avoid this tick the box "Move systems from their current System tree location to the synchronized group")
2. Check that the account used for the AD sync has the right to read the "Domain Controllers" OU and the system objects in it
3. Set the sync point on the root level and check the tick the box "Exclude Empty Containers", also make exceptions for other OU's that you don't want to synchronize
4. Check ePO logs for more clues, firstly the orion.log and EpoApSvr.log
The user is an Enterprise Admin.
Couldn't find the orion.log but checked the EpoApSvr.log and all looks fine
What I have found is the DC's are synching but not to their own named subgroup but to the subgroup I created under My Organisation.
The attached screenshot shows this; they are all there under System Name.
They are still manageable ther, just would have liked them under their own subgroup name under AD Servers as are the other OU's.
Possibly as the Domain Controller OU is the root OU for the child objects it holds, it is not added as a subgroup under AD Servers. I say this because there are two servers under the AD Servers subgroup that are in the root of the Servers OU in AD and no Servers subgroup has been created under AD Servers. Make sense?
Yes the sync is working as expected then.
One way to solve this is to skip syncing the "Domain Controllers" OU to your "AD Servers" ePO group. Create a new group either under "My Organization" or as a subgroup to the "AD Servers" group and set up the sync to the "Domain Controllers" OU on the newly created group. By doing this you will have your Domain Controllers synced to that group instead of the root of "AD Servers"
- My Organization
- AD Servers (ePO AD sync set up to the "Servers" OU)
- Domain Controllers (ePO AD sync set up to the "Domain Controllers" OU)
Spot on with the advice!!
I had kept working at it and finally figured it out late yesterday. I realised the OU I was synching in AD takes the root as the subgroup name in ePo.
Thanks for all your help.
Now I just have to figure out why I get the following error when trying to install an Agent handler. But I will raise a seeparate call for that.
I assume now when iclose this call as Correct Answer I will get the opportunity to award you the max points?