Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1828 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Active directory synchronization on sub-containers or sub-ous.

artolearn

Hi there,

I would be very grateful if any of you can help me with this issue.

I installed sophos enterprise console 4.5 on Windows server 2008 R2.

All is well with the install. I have the following request:

Is it possible to synchronise individual active directory containers or subcontainers within the sophos console?

I meant the synchronisation is enabled on the Global or the top level container but not on any of the sub containers.

Is this something that the 4.5 version can do?

Do I need any updates to make it work?

Any help regarding this is greatly appreciated.

Thanks

Kind Regards,

artolearn

:4697


This thread was automatically locked due to age.
  • 0

    Hi,

    A syncpoint in SEC, maps a SEC group to an AD container and you can create multiple syncpoints.  The syncpointdata table in the Sophos45 database will reveal the properties if you're interested.

    So SEC group A could be synced with the computers container in AD.  SEC group B could be synced with the Domain controllers container in AD etc.

    So you can have multiple syncpoints targetting specific containers or you can just create one which syncs the whole domain for example.  The downside of having one sync point syncing the whole domain is that there are no filters so you might end up with a large number of unwanted groups in SEC.

    The decision will probably based on the container structure in AD.

    As it is the management service that contacts the Global Catalog server to do the actual sync, and this is running as system, you have to ensure permissions in AD are OK with the management server's machine account reading the AD records and containers otherwise it will not bring in those containers.  So in some way permissions in AD could act as a filter.

    Hope this helps.

    Thanks,

    Jak

    :4702
Unfiltered HTML