When you synchronize the Symantec Endpoint Protection Manager (SEPM) with Active Directory (AD), the synchronization completes without any errors in the SEPM system logs. However, the Organizational Unit (OU) content in SEPM sometimes does not reflect the OU content shown in AD (for example, a renamed OU keeps its previous name in SEPM, or new clients do not appear in the correct OU).
You may also notice that many clients appear in the Default Group. These are clients that should be in an OU. When you try to follow TECH95924, it does not work.
There are no errors in ADSITask-0.log, ConnectDirectoryServer-0.log, or ImportADSI-0.log.
LDAP queries within the SEPM are simple, and because of this they are unable to respond to significant changes to OUs.
For example, in a structure such as the one below, to pick up the change to the OU, you must delete and re-add the *containing* OU.
If "NAM" is renamed to "America", you must delete and re-add "Sales" to guarantee that the NAM OU is correctly renamed to America. Otherwise, the NAM OU will persist, a new OU America will not be created, but the clients will believe that they should be in "America", and since that OU does not exist, they will revert to the Default folder.
The fastest, simplest and easiest method to recover from this situation is to delete the entire tree and create a new AD Synch to pull in the new structure.
Delete all affected OUs and import them back.
To delete the organizational units:
Right-click the OU and select "Delete".
To import organizational units from a directory server: