
Change the AD-synced OU structure to a SEPM OU structure


Article ID: 175156


Products

Endpoint Protection

Issue/Introduction

SEPM uses OUs synced from AD/LDAP computer groups, and you would like to use new SEPM OUs instead.

Client machines cannot be moved from AD/LDAP imported OUs to SEPM managed OUs.

Environment

Any SEPM with AD/LDAP imported OUs.

Cause

By product design, you can only copy the client machine into the SEPM group.

Resolution

A - Stop the sync and delete the AD OUs. The clients go directly to the Default group; afterwards, move them to the OUs you created.
B - Create a SEPM OU and copy the policy from the AD OU. Stop the sync and copy the clients from the AD OU to the newly created SEPM OU, then delete the AD OU.
C - Copy the clients to their newly created SEPM OUs, then stop the LDAP sync and delete the AD OUs. The clients will stay in the groups they were copied to.

Note: Solution A is preferable, since it prevents the copied clients in solution B from creating client_ID

Note: With solution A, clients use the policies assigned to the Default group for a short time, until they are moved to their new respective groups.

Note: Because a client in a SEPM managed group has higher priority than one in an AD imported group, you can copy any client in the imported AD group to a SEPM created group. You can then create and apply any policy or settings to the SEPM group, thus preserving your current policy settings.