In the System Tree module, select a group and click the Group Details tab
Next to Synchronization type, click Edit
- Select Active Directory
- If your AD OU structure will work for your EPO group structure, select Systems and container structure. This is the easiest method and simplifies the Containers section below.
- If not, select Systems only
Systems that exist elsewhere in the System Tree
- I recommend selecting Move systems from their current System Tree location to the synchronized group
Active Directory domain
- Select your registered LDAP server. If you don't have one defined, click Cancel and then open Menu/Configuration/Registered Servers to create it.
- The other two Active Directory sections will be greyed out
- If you chose to synchronize Systems and container structure, click Add Root and the distinguished name should appear (e.g. DC=mydomain,DC=local). My personal preference is to check the box Exclude empty containers.
- If you chose to synchronize Systems only, either click Browse to select the container or enter the container's distinguished name and click Add (e.g. ou=Laptops,dc=mydomain,dc=local)
- Add any applicable containers or computers. Typically, I've only specified something here when synchronizing Systems and container structure.
- I typically don't use this, because you can't have multiple Push settings defined per OS. If you only have Windows systems, this feature works great. Just make sure the account you specify has rights to install software.
When systems are deleted from the synchronization point
- I recommend reviewing which products you are using and plan to use, because with some products, deleting a McAfee system object will delete the corresponding product info. For example, deleting a McAfee system object will delete its recovery keys for Drive Encryption and Management of Native Encryption.
- If you want full automation, select Delete the systems... This will delete the McAfee system object whenever an AD computer is deleted.
- Note that deleting a McAfee system object will not delete the AD computer object.
- Personally, I choose Leave the systems... because I want to control when a McAfee system object is deleted and I use DE and MNE.
- Configure as you want. I've never used this.
Next, click Save.
The last step is to create a Server Task which performs the Active Directory/NT Domain Synchronization.
Depending on your AD environment, the sync can take a while on its first run. The frequency of changes in your AD, how accurate you want EPO to be, and how long the AD sync takes will help determine the AD sync interval. You'll also want to monitor its impact on your DCs.
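As a planning aid before the first "Systems and container structure" sync, the following added example (not part of the original post and not ePO code) previews which containers under a root DN hold computers and which hold none. It assumes the OU and computer distinguished names have been exported from AD into lists; every DN below is constructed, and "empty" means no computer anywhere beneath the container, which is this example's definition and not necessarily how ePO evaluates Exclude empty containers.

```python
import re
from collections import Counter

ROOT = "DC=mydomain,DC=local"   # root DN format taken from the post's example
OUS = [                         # constructed OU export
    "OU=Laptops,DC=mydomain,DC=local",
    "OU=Servers,DC=mydomain,DC=local",
    "OU=Web,OU=Servers,DC=mydomain,DC=local",
    "OU=Retired,DC=mydomain,DC=local",
]
COMPUTERS = [                   # constructed computer export
    "CN=LT-001,OU=Laptops,DC=mydomain,DC=local",
    "CN=LT-002,ou=laptops,dc=mydomain,dc=local",
    "CN=WEB01,OU=Web,OU=Servers,DC=mydomain,DC=local",
    "CN=OTHER-1,OU=Lab,DC=otherdomain,DC=local",
]

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]

def relative_path(dn, root=ROOT):
    """RDNs between root and the object, top-down; None if the DN is not under root."""
    parts, base = split_dn(dn), split_dn(root)
    if len(parts) <= len(base) or parts[-len(base):] != base:
        return None
    return list(reversed(parts[:-len(base)]))

def preview(ous=OUS, computers=COMPUTERS, root=ROOT):
    """Return (computers per container subtree, containers with none, DNs outside root)."""
    counts, outside = Counter(), []
    for dn in computers:
        path = relative_path(dn, root)
        if path is None:
            outside.append(dn)              # not under the synchronization point
            continue
        for depth in range(1, len(path)):   # every ancestor container, not the CN itself
            counts["/".join(path[:depth])] += 1
    groups = {"/".join(p): 0 for p in (relative_path(o, root) for o in ous) if p}
    groups.update(counts)
    empty = sorted(g for g, n in groups.items() if n == 0)
    return groups, empty, outside

if __name__ == "__main__":
    groups, empty, outside = preview()
    for name in sorted(groups):
        print(f"{groups[name]:4d}  {name}")
    print("no computers beneath:", empty)
    print("outside root, not synchronized here:", outside)
```

The per-container counts also give a rough idea of how many objects the first sync will read from the DCs.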
Hi Kabi,
Thank you for your information.
I need to know something. After I synchronize AD, if I move the systems to another OU, will the systems in ePO move too?
You'd need to change the above to:
Synchronize: Systems and container structure
Systems that exist elsewhere in the System Tree: Move systems from their current System Tree location...
Oh, Thank you very much sir.
Thanks for your help.
Once I sync McAfee with Active Directory, does the sync process later start again from the beginning, or are only the changes applied? I need to know what the automated daily server task does when syncing Active Directory.
If I want to keep the current changes in ePO and avoid moving systems in different OUs, what should I do?
Some new systems have entered my organization, and I want ePO to detect new systems automatically, recognize them, and deploy the agent by itself. Then, if possible, I will install virus scan.
First of all, thank you so much for your help in posting this knowledgeable article.
I have a question about the "Systems that exist elsewhere in the System Tree" option.
Let's say, for example, I have created a group named ManagedComputers in ePO, where I placed all the managed computers. I haven't integrated my AD until now; I have just done manual installations on these machines so far.
Now I want to edit the group settings on the ManagedComputers group to sync with AD and choose the above option as "Leave systems in their current System Tree Location Only" instead of "Move systems from their current System Tree location to the synchronized group".
What happens if I choose "Leave systems in their current System Tree Location Only"? Will it break anything on already existing items in the ManagedComputers group?
Or will it only import the left over or newly created objects from AD to this group?
Sorry about the delayed response, but if I understand your use case correctly, the managed systems already located in the ManagedComputers group would remain there.