Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 8805 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central ADSync removes users and groups from second synced AD forrest

Andreas Eisfeld

Hello Community,

we have following Problem with ADSync Tool:

There are two different Domains where ADSync Tool is installed to Sync Users and Groups. The first Domain e.g. domain.com the second  e.g. dev.domain.com.

When the sync of domain.com was running all Users and Groups from dev.domain.com are deleted.

I think the sync tool removes it, because it's like a subdomain and can't find it, but de dev.domain.com is a complete different Domain forrest.

Else the mail Attribute of users in dev.domain.com is username@domain.com.

After the deletion the Users and Groups are removed from the policies inside Sophos Central Endpoint.

 Is there a solution to Prevent the deletion of users and Groups in our Scenario.

 

Thanks for your Help

Andreas



This thread was automatically locked due to age.
Parents
  • 0

    Hello Andreas,


    Looking at the Sophos Central AD Sync documentation, I found this entry:

    It can synchronize multiple Active Directory forests. To do this, you need to install the utility on multiple machines and configure each utility to synchronize a different AD forest. We strongly recommend to synchronize different AD forests at different times of day, so that the synchronizations do not overlap.

    Can you confirm whether you are using that setup, or can you please try it and let us know if that alleviates the issue?

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Reply
  • 0

    Hello Andreas,


    Looking at the Sophos Central AD Sync documentation, I found this entry:

    It can synchronize multiple Active Directory forests. To do this, you need to install the utility on multiple machines and configure each utility to synchronize a different AD forest. We strongly recommend to synchronize different AD forests at different times of day, so that the synchronizations do not overlap.

    Can you confirm whether you are using that setup, or can you please try it and let us know if that alleviates the issue?

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Children
Unfiltered HTML