Hello all. This is just a question - not urgent. I noticed when I looked at my Domain Controllers in Sophos Enterprise Console that one of them was missing. But the DC does show up when I look at all managed computers. For some reason Sophos Enterprise Console is putting this computer in the "Managed Service Accounts" group. Things I've checked: The computer account is located in the Domain Controllers OU Moving the computer account to a different OU then back to Domain Controllers did not correct it It's not causing any problems that I'm aware of, but it's just weird that it isn't just following the OU structure, like it did for every other computer account. Has anyone else seen this? How can I correct it? Thanks in advance.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Domain controller computer account located in wrong Sophos group

Hello all.

This is just a question - not urgent. I noticed when I looked at my Domain Controllers in Sophos Enterprise Console that one of them was missing. But the DC does show up when I look at all managed computers. For some reason Sophos Enterprise Console is putting this computer in the "Managed Service Accounts" group.

Things I've checked:

The computer account is located in the Domain Controllers OU
Moving the computer account to a different OU then back to Domain Controllers did not correct it

It's not causing any problems that I'm aware of, but it's just weird that it isn't just following the OU structure, like it did for every other computer account.

Has anyone else seen this? How can I correct it?

Thanks in advance.

This thread was automatically locked due to age.

Parents

0 QC over 6 years ago

Hello Bryan Gritton,

SEC doesn't (repeatedly) put a computer in a specific group unless you are using AD Sync. Are you using it, if so - which SEC group is the root and what is the AD container chosen?

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Bryan Gritton over 6 years ago in reply to QC

Thanks for the reply Christian. You're always helpful.

This particular environment is a small server farm, so all the servers should be part of the Global Group. AD Sync is turned on, but probably doesn't need to be. This environment doesn't change very often.

I took a couple screenshots. Are these the info you asked for?
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to Bryan Gritton

Hello Bryan Gritton,

if you don't need AD Sync just turn it off (this way you can get rid of the ridiculous Program Data group too) .
In AD - is there "something" in Managed Service Accounts?

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago in reply to Bryan Gritton

Hello Bryan Gritton,

if you don't need AD Sync just turn it off (this way you can get rid of the ridiculous Program Data group too) .
In AD - is there "something" in Managed Service Accounts?

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Bryan Gritton over 6 years ago in reply to QC

I'll turn off the AD Sync.

There are some managed service accounts in Managed Service Accounts.
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to Bryan Gritton

Hello Bryan,

MSAs are both computers and users so maybe AD Sync "sees" one of the accounts as the DC in question (well, it should see the DC then in two OUs, can't say why it would prefer this one)

Christian
Cancel
Vote Up 0 Vote Down

Cancel