I want to sync AD-OUs with groups that I added inside SEC. My problem is that I need to connect different AD-OUs to one SEC-Group. How can I realize this?
Hello ThomasSteffen,
AD sync synchronizes an OU (mirroring all its structure and importing/deleting computer objects) with a specific SEC group. You can't map different OUs to the same group and you can't modify the (sub-)group structure under a synchronized group.
Why do you want to sync? Please be detailed - there might be other ways to achieve what you need.
Christian
I have a group for PCs inside SEC and would like all PCs that are inside our AD in different OUs to be automatically collected into this SEC-Group.
If a computer account is deleted inside AD, it should be moved inside SEC to unregister.
Hello ThomasSteffen,
[a deleted computer account should be moved to Unassigned]
Fair enough. Unfortunately you can't AFAIK mimic this functionality of sync. There's no other (non-human) interface with which you could tell SEC that an endpoint is gone for good.
Please note that even if "collecting" the PCs were possible it would have one IMO significant drawback: You can only assign a specific policy (e.g. for cleaning up an endpoint after an incident) if you move it in AD - something that might or might not be feasible.
Is a "notification" that a computer has been decommissioned all that you want to "know" (i.e. instead of getting a list you'll find the computers in \Unassigned and know they're gone)? Are your endpoints deployed using the GroupPath (i.e. they appear already in a specific group instead of \Unassigned)?
Christian