This discussion has been locked.

AD Synchronization and moving systems to a group

On Enterprise Console 4.5.0.9, I've been trying to move some systems to a group so that different policies could be applied to them. However, this is the error I'm getting. What am I missing?

  • If you've created a syncpoint, that is, mapped a SEC group to an AD container, you can't move machines that are in the SEC group, which makes sense, as on the next AD sync the machine would be moved back into the SEC group it was moved from.

    Other than creating a sub AD container and moving the machine in there, so that SEC creates another group you can link a different policy to, you would have to disable that syncpoint and maybe make more specific syncpoints to try and work around the problem you have.

    Essentially SEC forces every AD container to have the same policies if you use AD sync. If that's not possible based on your AD structure, you'll either not be able to use AD sync in SEC or you'll have to restructure your AD with AV policies in mind.

    You can always just use AD import to import just the structure of AD; you can then move machines around, create extra groups and assign policies as required. You would lose the Auto-protect that AD Sync has, but you could always define start-up scripts to ensure new machines get protection. Plus, the group on bootstrap switch will ensure the machine is placed in the right group in SEC.

    The following articles will offer some guidance in doing that.

    http://www.sophos.com/support/knowledgebase/article/25151.html

    http://www.sophos.com/support/knowledgebase/article/12570.html

    Thanks,

    Jak
