Duplicate unmanaged machines when AD syncs

Hello mgomez,

so the managed machines have never been in the correct (i.e. synced) group? As you can only delete computers under a synchronization point but not move them out or in, in which SEC group have they been before? 

I wonder if I delete the managed unassigned machine

Delete (from SEC) does not remove a computer entry (and its history) from the database, it just hides it. If the computer reports to SEC again, or appears to match a computer "found" by Import/Discover/Sync it is simply "undeleted" (and retaining all its history). 

You actually have (at least) two computers with the same name in the database (for whatever reason). For whatever reason sync prefers the unmanaged over the active/managed. The result is likely the same whether you "delete" the one, the other, or both. Could you post a screenshot of SEC's Computer Details tab for such a pair? I'm to lazy to try to understand the logic of the stored procedure(s) involved - that's why I asked whether it happens with newly added computers as well. Might be a legacy issue.

You could try the following (usual disclaimer about following advice not given by Support in general and modifying the database in particular applies):

1. list the duplicates as pre Jak's post in this thread (adjust the database name, SOPHOS52 or SOPHOS521). This might or might not give some insight
2. choose one of the pairs and SQL delete the unmanaged computer in the synced group from the database (DELETE from ComputersAndDeletedComputers Where NAME='....' AND Managed=0 AND IdentityTag='...') . perhaps backup the database first :smileywink:, anyway make sure that no sync occurs at this time
3. with the next sync the now single computer should be moved to the correct group

Christian

Hello mgomez,

so the managed machines have never been in the correct (i.e. synced) group? As you can only delete computers under a synchronization point but not move them out or in, in which SEC group have they been before? 

I wonder if I delete the managed unassigned machine

Delete (from SEC) does not remove a computer entry (and its history) from the database, it just hides it. If the computer reports to SEC again, or appears to match a computer "found" by Import/Discover/Sync it is simply "undeleted" (and retaining all its history). 

You actually have (at least) two computers with the same name in the database (for whatever reason). For whatever reason sync prefers the unmanaged over the active/managed. The result is likely the same whether you "delete" the one, the other, or both. Could you post a screenshot of SEC's Computer Details tab for such a pair? I'm to lazy to try to understand the logic of the stored procedure(s) involved - that's why I asked whether it happens with newly added computers as well. Might be a legacy issue.

You could try the following (usual disclaimer about following advice not given by Support in general and modifying the database in particular applies):

1. list the duplicates as pre Jak's post in this thread (adjust the database name, SOPHOS52 or SOPHOS521). This might or might not give some insight
2. choose one of the pairs and SQL delete the unmanaged computer in the synced group from the database (DELETE from ComputersAndDeletedComputers Where NAME='....' AND Managed=0 AND IdentityTag='...') . perhaps backup the database first :smileywink:, anyway make sure that no sync occurs at this time
3. with the next sync the now single computer should be moved to the correct group

Christian