8 Replies Latest reply on Mar 29, 2017 12:56 PM by Moe Hassan

    AD sync

    omkargudhate

      Epo mcafee 5.3.0 .I have created a subgroup under main group for testing purpose. A policy is applied on subgroup and subgroup includes machines. Now when AD sync happens the subgroup is automatically wiped out and machine returns to its original group. Also the policy on the group is wiped out. i need the machine to stay in the same testing group even after the AD sync. Can someone help me with this??

        • 1. Re: AD sync
          catdaddy

          Successfully moved from Support Forums to ePolicy Orchestrator (ePO) > Discussions

          For better exposure and assistance.

          • 2. Re: AD sync
            east-ec

            System Tree Sorting is disabled?

            • 3. Re: AD sync
              tao

              When using this AD synchronization, changes in the AD structure are carried over into your System Tree structure at the next synchronization. When systems or containers are added, moved, or removed in Active Directory, they are added, moved, or removed in the corresponding locations of the System Tree.

               

              So, the question becomes, "...applied on subgroup and subgroup includes machines..." are the subgroup and subgroup setup within AD?

              • 4. Re: AD sync
                omkargudhate

                No

                • 5. Re: AD sync
                  omkargudhate

                  No

                  • 6. Re: AD sync
                    tao

                    "....Now when AD sync happens the subgroup is automatically wiped out and machine returns to its original group...."

                     

                    ....are the subgroup and subgroup setup within AD?

                     

                    "No"

                     

                    When using this AD synchronization, changes in the AD structure are carried over into your System Tree structure at the next synchronization. When systems or containers are added, moved, or removed in Active Directory, they are added, moved, or removed in the corresponding locations of the System Tree.

                    • 7. Re: AD sync
                      Troja

                      Hello,

                      i would suggest using two Groups.

                      My Organization -> My Company -> Endpoints.

                      The Policy is assigned on Group My Company. So you can ensure that alsways the right Policy is assigned. Regardless what happens with Group Endpoints.

                       

                      If there are endpoints located in another Group like My Organization -> Company2 you can choose if the endpoints should be moved during AD sync.

                      AD_Sync.jpg

                      Hope This helps,

                      Cheers

                      1 of 1 people found this helpful
                      • 8. Re: AD sync
                        Moe Hassan

                        omkargudhate, you can follow what Thorsten suggested IF you are applying policies on a particular system tree folder. Another solution is to create a tag in the tag catalog (name something like "test.VSE"). Manually assign this tag to your target systems. When you create your custom/test policies, simply apply it to systems with that specific tag "test.VSE". This way your systems could be anywhere in the system tree but they will retain your test policies or tasks.

                         

                        Hope this helps.