This discussion has been locked.

Join an existing Sophos Anti-Virus Client from workgroup to a domain

Hello,

We use SEC 5.2.1 R2 and Sophos Anti-Virus 10.3.7.

We have a laptop that was in a workgroup but moved to another place where we wanted to join it to a domain. On the Active Directory OU we have an auto sync so after we joined the laptop to the domain a new (unprotected) client appeared in the console.

Now 2 clients show up in the console:

1. Connected, protected client in the workgroup (old config)

2. Not connected or protected client in AD. (new config)

But of course it should be the other way around. It WAS part of a workgroup but now we joined it to the domain so the domain client should show up as connected and protected.

I tried deleting the workgroup client. I tried uninstalling and re-installing but it's still the same.

How can we resolve this so the client that is synchronised through AD is the one that is connected and we can delete the old workgroup installation?

Any help would be greatly appreciated!



  • Hello Peter,

    I'd not be satisfied with this solution :smileywink: ...

    So, deleting the managed computer and then running setup.exe did it? In your first post you've mentioned deleting the workgroup (managed) client and also un- and reinstalling. It's no surprise that the former doesn't help - once the endpoint sends a message its original entry simply gets undeleted. If the latter didn't work (guess reinstalling meant running setup.exe and you additionally uninstalled) then it could only be because deleting the managed entry is necessary. If so, "resetting" RMS as outlined in the article should suffice.

    Anyway - it doesn't answer the initial problem (and how it can be avoided in the future): that AD sync doesn't move the computer but creates another entry. Did some tests and they suggest that an existing endpoint is correctly moved when AD sync is established or the AD computer is moved to a sync'd container. All I can think of is that the AD sync was done before the endpoint reported its workgroup/domain change to the console. This would require that the reboot of the endpoint had been delayed until after the move in AD (and additionally a short synchronization interval).

    Christian
