Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 12249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD sync and multiple policies

JTech

Howdi. If I have a folder in Enterprise Console 5.1, which is synchronizing my client machines from multiple AD OU's, is it possible to have systems in the synchronization to have different policies, AV policy in this use? I went and made a new group with the correct policies, and then to move the machine out of the sync folder in Enterprise console, only to have "Unable to move - the following computers are part of a synchronized group and may not be moved". The only way I can see around this is to either change the synchronization.. which is a lot of work due to multiple OU's OR move the single machine in AD to a new OU, outside of the synchronized folder.. which in itself has knock-on complications. Anything I can do? Thanks.

:36227


This thread was automatically locked due to age.
Parents
  • 0

    Hello JTech,

    as you have seen AD Sync mirrors the AD structure below the sync'ed OU/container by creating corresponding subgroups. A computer belongs to and is "fixed in" the (sub)group associated with its container. You can neither move the computer "outside" nor "within".

    The basis for policy assignments in SEC is groups. Thus you can apply different policies to the subgroups - thus if you have a single machine which needs different settings you'd have to create an additional OU (usually as sub-OU) in the synchronized folder.

    HTH

    Christian

    :36233
Reply
  • 0

    Hello JTech,

    as you have seen AD Sync mirrors the AD structure below the sync'ed OU/container by creating corresponding subgroups. A computer belongs to and is "fixed in" the (sub)group associated with its container. You can neither move the computer "outside" nor "within".

    The basis for policy assignments in SEC is groups. Thus you can apply different policies to the subgroups - thus if you have a single machine which needs different settings you'd have to create an additional OU (usually as sub-OU) in the synchronized folder.

    HTH

    Christian

    :36233
Children
No Data