Computers that are deleted from Active Directory are not being deleted from the database (Symantec_CMDB) after an AD Import.
Symantec Management Platform 8.x.
There can be several reasons that Directory Synchronization for the Microsoft Active Directory Import rules may not be able to delete computers from the Symantec_CMDB database after being removed from Active Directory:
Solutions:
The following query can be used as a report or run from SQL Management Studio directly, to see a list of the computers that will not be removed by Directory Synchronization and the reason why.
select
a.Guid,
a.Name,
coalesce (a.[Managed State], a.[Has Associated Active AD Import Rule], a.[OU Path]) as 'Reason AD Sync will not delete'
from
(
select
r.Guid,
r.Name,
[Has Associated Active AD Import Rule] =
case
when COUNT (i.Guid) = 0 then 'No Active Rule'
else null
end,
case
when ad.[Path] is null then 'Missing OU Path'
else null
end as 'OU Path',
case
when IsManaged = 1 then 'Managed'
else null
end as 'Managed State'
from vRM_Computer_Item r
left join Inv_Import_Rule_Imported_Items ii on ii._ResourceGuid = r.Guid
left join Item i on i.Guid = ii.ImportRuleGuid
left join Inv_Global_Active_Directory_Details ad on ad._ResourceGuid = r.Guid
group by r.Guid, r.Name, IsManaged, ad.[Path]
having COUNT (i.Guid) = 0
or IsManaged = 1
or ad.[Path] is null
) a
order by 3 desc