
Mgmt Console and AD Computer Object count

I'm currently in the middle of a computer object clean-up in Active Directory. We have SEC synchronized with AD, but for some reason the "unmanaged" and "All" counters in SEC are not decreasing as I remove the objects from AD. Even hours (days) later nothing has changed. I have even disabled the sync and re-enabled it - no joy.

How do I get SEC to acknowledge the changes to AD and purge the computer objects?



This thread was automatically locked due to age.
  • Hello chavez243,

    Quoting from the console help:

    After you set up synchronization with Active Directory, the synchronized part of Enterprise Console group structure matches exactly the Active Directory container it is synchronized with. This means the following:

    • If a new computer is added to the Active Directory container, then it also appears in Enterprise Console.
    • If a computer is removed from Active Directory or is moved into an unsynchronized container, then the computer is moved to the Unassigned group in Enterprise Console.
      Note: When a computer is moved to the Unassigned group, it stops receiving new policies.

    Thus the counters will not decrease, as the computers are not removed from SEC but moved to the Unassigned group. The reason is that SEC (monitoring a container but not tracking individual objects) cannot determine if an object has been deleted or just moved elsewhere. If the physical computer still exists, it will contact SEC and will therefore appear as managed and has to be in some group - Unassigned is the obvious choice.

    Note that if you delete a computer from SEC, it is just marked as such but not removed from the database, and its history including alerts and errors is kept (in case it reappears or you still want to use this data). AD sync neither removes the computer from the database nor deletes it from SEC, to preserve the history and give you the option to deal with it as needed.

    HTH

    Christian
