Hello,
Is the AD in sync with SEPM? If yes, you could work on the steps provided in the Article below:
Removing duplicate clients from the Symantec Endpoint Protection Manager using the CleanClients tool
http://www.symantec.com/docs/TECH97371
Incase if these machines are imaged machines, you may like to work on the steps provided in this Article:
Configuring Symantec Endpoint Protection 11.x client for deployment as part of a drive image
When we delete a client from SEPM the client will disappear from the SEPM for the timebeing.Next time when the client hearbeats to the SEPM it will repair.In simple words when the client is deleted from the SEPM it is not deleted from the database
When we delete the entry from the SQL, the client is deleted from the database.
Deletion from SEPM will only reflect in the database if we are purging the database from SEPM ( Delete cleints when the cleints have not connected since X days..option)
1) Open SEPM and click on the Admin tab.
2) Click on Servers.
3) Select the "Local Site" from the list of Servers.
4) Under "Tasks," select Edit Site Properties.
5) Under the "General" tab, there is a check box that says "Delete clients that have not connected for X days." By default this is set to 30. Change the number of days as desired.
6) Click OK.
Atlast, I would suggest you to check the suggestions provided in the Thread below -
https://www-secure.symantec.com/connect/idea/finding-duplicate-clients-have-same-hardwareid
Hope that helps!!