
Re-sync with AD

Is there a way, on the server side of Sophos, that I can re-sync the computers with Active Directory, including having it remove computers which are NOT in AD anymore?  I have so many computers listed that aren't in AD anymore, and I don't see a way to export the list into a format which I could use to test the computer names against current AD computers even.  I haven't felt comfortable deleting each computer & waiting for everything to re-sync because I don't know what that would do.

  • Hello M_H,

    are you talking about and actually using Active Directory synchronization - i.e. in your groups there are one or more synchronization points (shown with green icons)? Guess not as you should have noticed that computers deleted from (or moved out of) a sync'ed container are moved to the Unassigned group.

    deleting each computer ... what that would do

    Deleting a computer from the console just flags it as deleted and hides it from all views. No other data (attributes, state, history, group membership) is deleted and the next time RMS sends a message to the management server the endpoint is undeleted/unhidden and reappears in the place it's been last (except perhaps when it's been reinstalled).

    export the list

    You can copy the list from any Endpoints view using Ctrl+C (or Edit->Copy from the menu bar) in tab-delimited format to the clipboard (please see Copying or printing data from Enterprise Console in the Console Help).

    As for what to do - it depends. AD sync is an option (NB: please don't use terms which convey a certain meaning in conjunction with SEC - sync in this case - for something which is not quite the same) if the container structure is suitable to be mapped to console groups. How is a new endpoint detected and handled, how and by whom is Sophos installed on it? If a computer is shown as out-of-date and disconnected - do you try to determine whether it's in an error state or simply gone for good?

    Christian

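Added example (not part of either post, and not Sophos code): one way to test the tab-delimited list copied from an Endpoints view against current AD computer objects. It assumes the computer name is the first tab-separated field of each row and that the ActiveDirectory PowerShell module is available; the function names and sample data are constructed for illustration.

```powershell
# Assumption: computer name is the first tab-separated field of each copied row.
# A header row, if the copy includes one, will simply be reported as NotInAD.
function Get-ConsoleName {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $name = ($line -split "`t")[0].Trim()
        if ($name) { $name }
    }
}

# Classify each console name against a directory snapshot.
# $Directory: objects with Name and Enabled (both in default Get-ADComputer output).
function Compare-ConsoleToAD {
    param([string[]]$ConsoleNames, [object[]]$Directory)
    $byName = @{}                                  # string keys are case-insensitive
    foreach ($c in $Directory) { $byName[$c.Name] = $c }
    foreach ($n in ($ConsoleNames | Sort-Object -Unique)) {
        $status = 'InAD'
        if (-not $byName.ContainsKey($n)) { $status = 'NotInAD' }
        elseif (-not $byName[$n].Enabled) { $status = 'DisabledInAD' }
        [pscustomobject]@{ Computer = $n; Status = $status }
    }
}

# Constructed sample data so the script runs offline.
$sampleRows = @(
    "PC-001`tConnected",
    "pc-002`tDisconnected",
    "LAB-OLD-17`tDisconnected",
    "KIOSK-03`tDisconnected"
)
$sampleAD = @(
    [pscustomobject]@{ Name = 'PC-001';   Enabled = $true  }
    [pscustomobject]@{ Name = 'PC-002';   Enabled = $true  }
    [pscustomobject]@{ Name = 'KIOSK-03'; Enabled = $false }
)
Compare-ConsoleToAD (Get-ConsoleName $sampleRows) $sampleAD |
    Where-Object Status -ne 'InAD'

# Real use: copy the view with Ctrl+C in the console, then
#   $rows = Get-Clipboard
#   $ad   = Get-ADComputer -Filter *
#   Compare-ConsoleToAD (Get-ConsoleName $rows) $ad |
#       Export-Csv .\console-vs-ad.csv -NoTypeInformation
```

Treat the NotInAD and DisabledInAD rows as a review list: as the reply notes, an endpoint deleted from the console reappears the next time RMS reports in.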