
How to Synchronize Sophos with a domain in another forest

Hi,

I am looking to synchronize a group in SEC 5.1 with an OU from a domain in another forest. A two-way trust exists between the forests and I am able to use the Protect Computers Wizard to protect clients with Sophos AV.

When I right-click the group I want to sync, I only get given the option of synchronizing with domains which are in the forest the SEC sits in.

Can someone please help me to sync with the other domain in another forest please?

Thanks 



  • Hi Tommy, 

     If you would like to protect computers in a multiple domain environment refer to the below knowledge base article:

     

    You can use the console to manage Sophos endpoint security software in a multiple domain environment.

    Known to apply to the following Sophos product(s) and version(s)
    Sophos Endpoint Security and Control 9.7,
    Sophos Endpoint Security and Control 9.5,
    Sophos Endpoint Security and Control 10.0

    What to do
    1. You must ensure that there is a two-way trust relationship between the domain containing the management server with the console on it, and the domains that it will manage. (For details of how to set up a trust relationship between domains, refer to the Microsoft documentation.) 

    2. If you are running the Protect computers wizard from Enterprise Console or Sophos Control Center, the wizard prompts you for a username and password that is valid for the administration of the endpoint computers. 

      • If the computers are all in the same domain, the account username must be in the format
        [TargetDomain]\[AdministratorAccount] 

      • If the computers are on different domains covered by the same Active Directory schema, use the Enterprise Administrator account in Active Directory. The account username must be in the format
        [EnterpriseAdministratorAccount]

    Technical Information

    When deploying through the console, only a one-way trust is required. However, a two-way trust ensures that the account used in the Protect computers wizard can both create the scheduled task to start the installation on the endpoint computer and allow the software to connect back to the update server to start the download. For further information on how the console installs endpoint software, see article 12455.

  • Hello Tommy123 and BlackButterfly,

    if I understand correctly, Tommy asks about AD Sync with a domain in another forest - and specifically about sync, as Protect Computers allegedly works.

    Now, I don't even have another domain, let alone another forest. Obviously the Browse ... window in the GUI only presents the home forest (can't say if it is possible at all). @Tommy123 - did you try to enter the container name manually?

    Christian

  • Hi,

    In the end I went and looked at the server I was migrating from and copied the LDAP details (//OU=,DC=,DC=) and this has now synchronized fine.

    Thanks

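A way to check the two things this thread ends up relying on, the two-way trust and the exact container path to type in by hand, before configuring the sync. This is an added example, not part of any post above and not Sophos code. It assumes the RSAT ActiveDirectory module is installed on the management server; `otherforest.example`, `child.otherforest.example` and `Workstations` are placeholder names.

```powershell
# Added example: all domain and OU names below are placeholders.
Import-Module ActiveDirectory

function Get-RemoteOuForSync {
    param(
        [Parameter(Mandatory)] [string] $TrustTarget,   # root domain of the other forest (the trust partner)
        [Parameter(Mandatory)] [string] $RemoteDomain,  # domain in that forest that holds the OU
        [Parameter(Mandatory)] [string] $OuName         # name of the OU to synchronize with
    )

    # 1. Read the trust object as seen from the domain the management server is in.
    $trust = Get-ADTrust -Filter "Target -eq '$TrustTarget'"
    if (-not $trust) {
        throw "No trust object found for '$TrustTarget'."
    }
    if ($trust.Direction -ne 'BiDirectional') {
        throw "Trust to '$TrustTarget' is $($trust.Direction), not two-way."
    }

    # 2. Resolve the OU against a domain controller of the remote domain.
    #    This uses the current logon, so it also proves the account can read
    #    the other forest's directory across the trust.
    $ous = @(Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -Server $RemoteDomain)
    if ($ous.Count -eq 0) {
        throw "No OU named '$OuName' found in '$RemoteDomain'."
    }
    if ($ous.Count -gt 1) {
        # OU names are only unique per parent container; list every match
        # so the right one is chosen deliberately.
        Write-Warning "$($ous.Count) OUs named '$OuName' exist in '$RemoteDomain'."
    }

    foreach ($ou in $ous) {
        [pscustomobject]@{
            TrustDirection    = $trust.Direction
            ForestTransitive  = $trust.ForestTransitive
            RemoteDomain      = $RemoteDomain
            DistinguishedName = $ou.DistinguishedName   # the OU=...,DC=...,DC=... part
        }
    }
}

Get-RemoteOuForSync -TrustTarget 'otherforest.example' `
                    -RemoteDomain 'child.otherforest.example' `
                    -OuName 'Workstations'
```

The `DistinguishedName` it returns supplies the `OU=...,DC=...,DC=...` portion of the container path that the last post copied across by hand.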