This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computers in Unassigned Group when Sync with AD is on

Hi,

I have question about Sophos Enterprise Console 5.4.1 Computers in Unassigned Group. I understand, that computers whose were in AD and removed, on Sophos Enterprise Console these computers would be identified and moved to Unassigned Group. How SEC reacts when computer that was in Unassigned group and after sync with AD this computer was found on Some OU that have own group? SEC moves computer automatically or how to move manually (because when sync with AD is on that is impossible) The same question with Linux OS computers?

Waiting for some help…



This thread was automatically locked due to age.
Parents
  • Hello Mantas Lenza,

    and after sync with AD this computer was found on Some OU
    first of all the computer must appear as "the same", naturally same name and domain, which includes the OS version in AD. The computer will be moved to the correct group provided you join it to the domain before installing Sophos.
    As you say you can't move it manually. Haven't tested how AD sync behaves with Linux endpoints, IIRC there have been issues as the Linux endpoints did not report the domain correctly - this might have been changed recently. If a newly install Linux endpoint appears in the correct SEC group then it should in principle work with removal as well.

    In case an endpoint appears twice (both Unassigned and the AD group) you'd perhaps have to delete both instances from the database (unsupported but works).

    Christian 

Reply
  • Hello Mantas Lenza,

    and after sync with AD this computer was found on Some OU
    first of all the computer must appear as "the same", naturally same name and domain, which includes the OS version in AD. The computer will be moved to the correct group provided you join it to the domain before installing Sophos.
    As you say you can't move it manually. Haven't tested how AD sync behaves with Linux endpoints, IIRC there have been issues as the Linux endpoints did not report the domain correctly - this might have been changed recently. If a newly install Linux endpoint appears in the correct SEC group then it should in principle work with removal as well.

    In case an endpoint appears twice (both Unassigned and the AD group) you'd perhaps have to delete both instances from the database (unsupported but works).

    Christian 

Children