This discussion has been locked.

Join an existing Sophos Anti-Virus Client from workgroup to a domain

Hello,

We use SEC 5.2.1 R2 and Sophos Anti-Virus 10.3.7.

We have a laptop that was in a workgroup but moved to another place where we wanted to join it to a domain. On the Active Directory OU we have an auto sync, so after we joined the laptop to the domain a new (unprotected) client appeared in the console.

Now 2 clients show up in the console:

1. Connected, protected client in the workgroup (old config)

2. Not connected or protected client in AD. (new config)

But of course it should be the other way around. It WAS part of a workgroup but now we joined it to the domain so the domain client should show up as connected and protected.

I tried deleting the workgroup client. I tried uninstalling and re-installing but it's still the same.

How can we resolve this so the client that is synchronised through AD is the one that is connected and we can delete the old workgroup installation?

Any help would be greatly appreciated!

  • Hello Peter,

    I haven't used AD Sync since 5.1 (and then only for testing), and there have been some changes since then. Unfortunately I can't test this at the moment.

    Deleting one or both entries won't help - deletion is just setting a flag, the entry is still present and will be considered by the matching routines. Before I forget: I'd suggest you contact support to find out how it's supposed to work (existing managed client is joined to domain and moved to a synchronized container).

    It seems that - using solely available supported interfaces and actions - the (almost) only way to get the desired results is reprotecting the endpoint from the console once it's in the correct group (or perhaps reinstall using the -G parameter). Alternatively, giving the endpoint a "blank" identity as outlined in "Computers in Enterprise Console appear to update the same record" (yes, a quite different issue) might cause the sync'ed entry to be preferred over the old managed one.

    Christian
