Endpoint Protection

 View Only

  • 1.  Question about deleting AD structure from SEPM 11

    Posted Aug 12, 2009 10:46 AM
    When we install clients, we install them into a client group. Underneath this client group is also our imported AD structure. Symantec eventually moves the clients out of the default client group into the AD structure. I now want to delete the AD structure from SEPM and just leave the default group. My question is, if I delete the AD structure will the clients that are currently showing under their AD OUs move back to the default group? I don't want the clients to become orphaned and no longer communicate if I delete the AD structure. I cannot find in the documentation anything that says that it is safe to delete the AD structure from SEPM and that the clients will then show back up under the default client group.

    Thank you.


  • 2.  RE: Question about deleting AD structure from SEPM 11

    Posted Aug 12, 2009 10:59 AM
    Every client will have a file called sylink.xml which tell them which group to report.
    if you delete AD structure, i'm little bit sure that they would report to default group as per the 2 documents here

    https://www-secure.symantec.com/connect/forums/ad-integration-sep-groups-computers-moving-themselves-around



    you can delete the AD and replace the clients with new sylink file which would bring back the communication.

    I the download section there is a tool called sylink replacer. You can use that tool to connect your cleints back to sepm.

    Have a good day !






  • 3.  RE: Question about deleting AD structure from SEPM 11

    Posted Aug 12, 2009 11:10 AM
    The clients should fall back into the default group after the AD sync is removed.

    For any which do not (rare) you can use the sylink.xml file to restore them. 


  • 4.  RE: Question about deleting AD structure from SEPM 11
    Best Answer

    Posted Aug 12, 2009 11:10 AM
    Yes if You  delete the AD structure  the clients that are currently showing under their AD OUs move back to the default group.

    I have tested this and t works

    This will help you to understand how AD sync works

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092721431648


  • 5.  RE: Question about deleting AD structure from SEPM 11

    Posted Aug 12, 2009 11:22 AM
    Thank you all for your quick answers. Based on your advise I have deleted the AD structure. We'll see how it goes.

    Thanks again!


  • 6.  RE: Question about deleting AD structure from SEPM 11

    Posted Aug 13, 2009 05:03 AM

    Can you update us?

     



  • 7.  RE: Question about deleting AD structure from SEPM 11

    Posted Aug 13, 2009 09:59 AM
    Yes, it did seem to work. The clients that were on moved back to the default group almost immediately, and as clients that were off are turned on, they seem to be coming back into the default group because the # of pages of clients is growing slowly over time.