Duplicate AD Users

Have just purchased Sophos following a trial. We have on-premise AD, but I chose to set up Azure AD Sync because no infrastructure needed for AD sync tool. Now getting duplicate users, exactly the same as in this article: https://community.sophos.com/kb/en-us/125264. Azure synced accounts have user.gov.uk and the logged-on user creates a domain\username entry. However, what I am finding is that as users log on they continue to register under the user.gov.uk and therefore no blocking policies apply - it should be the domain\username ID, but no device is associated with that account, only the other one. I have ticket 9787631 open but have not got an answer. I appreciate you can add the domain logon to the .gov.uk login, but I can't do this for 500+ users - it has to be an automated process.

Advice please



This thread was automatically locked due to age.
  • Hi  

    I'd like to know how the duplicate entries were generated. I mean, did you first install the endpoint protection on all the clients and then start Azure AD sync?

    There are a few limitations with Azure AD sync which we always have to consider before moving to it:

    • You must use an account that has been domain joined to Azure AD while installing the endpoint client.
    • Azure AD Sync does not import any device data.
    • Azure AD Sync does not support Mac endpoints.
    • Sophos Azure Active Directory synchronization supports Sophos Endpoint Protection and Sophos Email Gateway. It has not been tested with other Sophos products.

    It might not be possible for us as well to fulfil your requirement as you mentioned above about adding .gov.uk in domain logon.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link

  • Thank you for replying. Azure AD sync was implemented first, so it syncs about 1,400 accounts. I had only installed the Endpoint client on a couple of machines. As users log on to those computers, a second record is created for the on-premise AD logon. I have downloaded the client and am deploying this via Microsoft SCCM, which runs in a local system context. This is an automated solution to deploy the client silently for each user and not create a large amount of Internet bandwidth.

    I was advised by our account manager that it may be better to start over and use the on-premise AD Sync utility, but I logged the above support ticket and was told there would be no problem keeping the existing setup.

  • Hi  

    I think the issue is happening because of the on-prem AD and Azure AD; however, you have just synced the Azure AD, but as users are getting logged in on the machines through the format of the on-prem AD, it'll generate another user in the central.

    Your account manager has provided you with the right direction to start over and use the on-premise AD sync to synchronize your Active Directory instead of Azure AD. Azure AD is mainly useful for the Sophos Email advanced, but I can see that you have only purchased the Endpoint and Server protection.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Thank you - it is a shame support have not advised me of this. How do I go about doing this?

  • Hi  

    To do that, you need to have help from support, as there are a few changes which will be done from the backend.

    I'd suggest you talk on the case about this if any possible solution of your existing issue is not possible, as it is the last step to do.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • ok - I appreciate your prompt reply