This discussion has been locked.

AD Sync Not Picking Up All Computers...

Hi all,

I'm having a problem with our Enterprise Console (v. 4.5.0.9) not syncing all my computers from our Active Directory. We only found the problem because a user reported that her A/V was telling her it was close to retirement and should be updated. We've gotten that error on some laptops that don't connect to our network often, but this is a desktop computer that's always connected to our network and should have updated itself a long time ago.

After searching the EC for her computer to manually push out the update, we can't find it. I had been syncing only a few OUs (I didn't see the point of syncing my whole AD with 90-some folders to get the ~10 that actually have computers in them). I tried doing a manual refresh of the directory. I removed the synchronization of the one particular folder and restored it. And finally, I removed all the separate OU syncs and set EC up to sync my whole Active Directory. This computer will not show up. For the time being, I've manually imported that computer into a non-synced folder and pushed out the update, but I'm a little worried about what other computers aren't being imported.

Any help someone can suggest to help solve the problem would be greatly appreciated!

Thanks,

Bryan

  • Hi,

    One thing you could try is to "actually" delete the computer records from the database.  In SEC, when you choose to delete a machine it only sets the "Deleted" flag in the database, so this in effect just hides the machine.  I suspect this is because a user may expect any alerts from the machine to appear in reports where the time covers a period when that machine was "alive".

    That being said I would suggest:

    1. Delete the machine using SEC first to "hide" it.

    2. Check that the deleted flag has been set on the record. Confirm this by running the following command on the database machine:

    sqlcmd -S .\sophos -E -d sophos47 -Q "select name, deleted from computersanddeletedcomputers where name ='MachineName'"

    Where this command assumes:

    • The database is hosted in a local SQL instance called SOPHOS, i.e. ".\sophos". This is the default, but change as required.
    • The database name is SOPHOS47. This is the name of the database for SEC 4.7; if you have SEC 4.5 it would be SOPHOS45, and if you have SEC 4.0 it would be SOPHOS4.
    • MachineName is the name of the machine as it appears in SEC, adjust as required for your problematic machine.

    3. Delete the problem computer from the database by running:
    sqlcmd -S .\sophos -E -d sophos47 -Q "delete from computersanddeletedcomputers where name ='MachineName' and deleted=1"

    Note: I've put the Deleted=1 in to ensure that the machine record was indeed deleted for safety.

    Maybe on the next sync the machine will appear in the correct SEC group if there is no existing record for the machine.   Note: you can force a Sync to take place by changing any property of the Syncpoint, for example change the interval and hit OK.

    I hope this helps.

    Regards,

    Jak 
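
The original poster's open question was which other computers are not being imported. The read-only check below is an added example, not part of the thread and not Sophos code: it lists enabled AD computers that have no record, or only a hidden (deleted=1) record, in the view queried above. Assumptions: it runs on the database machine with Windows authentication, the ActiveDirectory module and sqlcmd are available, the console's name column matches the AD computer name, and the OU distinguished name is a placeholder.

```powershell
# Added example: AD-vs-console coverage check (read-only, deletes nothing).
param(
    [string]$SqlInstance  = '.\sophos',   # default instance named in the reply
    [string]$Database     = 'SOPHOS45',   # SEC 4.5 per the reply; SOPHOS47 for SEC 4.7
    [string[]]$SearchBase = @('OU=Workstations,DC=example,DC=com')  # placeholder OU
)

Import-Module ActiveDirectory

# Read name and deleted flag from the same view the reply's commands use.
# -h -1 drops headers, -W trims padding, -s sets the column separator.
$query = 'SET NOCOUNT ON; SELECT name, deleted FROM computersanddeletedcomputers'
$rows  = & sqlcmd -S $SqlInstance -E -d $Database -h -1 -W -s '|' -Q $query
if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed: $rows" }

# A name can carry several records; it counts as live if any has deleted=0.
$live = @{}; $hidden = @{}
foreach ($line in $rows) {
    $parts = $line -split '\|'
    if ($parts.Count -ne 2) { continue }          # skip blank or malformed lines
    $name = $parts[0].Trim().ToUpperInvariant()
    if ($parts[1].Trim() -eq '1') { $hidden[$name] = $true }
    else                          { $live[$name]   = $true }
}

# Compare every enabled computer object under the synced OUs with the console.
$report = foreach ($base in $SearchBase) {
    Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $base -Properties LastLogonDate |
    ForEach-Object {
        $n = $_.Name.ToUpperInvariant()
        $state = if ($live.ContainsKey($n)) { 'Managed' } elseif ($hidden.ContainsKey($n)) {
            'HiddenDeletedRecord' } else { 'NoRecord' }
        if ($state -ne 'Managed') {
            [pscustomobject]@{
                Computer  = $_.Name
                State     = $state          # HiddenDeletedRecord = only deleted=1 rows exist
                LastLogon = $_.LastLogonDate
                DN        = $_.DistinguishedName
            }
        }
    }
}

$report | Sort-Object State, Computer | Format-Table -AutoSize
```

Machines reported as HiddenDeletedRecord are the ones the reply's steps 2 and 3 apply to; NoRecord machines with a recent LastLogon are active endpoints the console is not managing at all.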
