When you synchronize the Symantec Endpoint Protection Manager (SEPM) with Active Directory (AD), the synchronization completes without any errors in the SEPM system logs. However, the Organizational Unit (OU) content in SEPM sometimes does not reflect the OU content shown in AD (for example, a renamed OU keeps its previous name in SEPM, or new clients do not appear in the correct OU).
You may also notice that many clients appear in the Default Group. These are clients that should be in an OU. When you try to follow TECH95924, it does not work.
SEPM synchronized with Active Directory.
No errors inside ADSITask-0.log, ConnectDirectoryServer-0.log and ImportADSI-0.log.
LDAP queries within the SEPM are simple; because of this, they are unable to respond to significant changes to OUs.
For example, in a structure such as the one below, to pick up the change to the OU, you must delete and re-add the *containing* OU.
If "NAM" is renamed to "America", you must delete and re-add "Sales" to guarantee that the NAM OU is correctly renamed to America. Otherwise, the NAM OU will persist, a new OU America will not be created, but the clients will believe that they should be in "America", and since that OU does not exist, they will revert to the Default folder.
The fastest, simplest and easiest method to recover from this situation is to delete the entire tree and create a new AD Synch to pull in the new structure.
Delete all affected OUs and import them back.
To delete the organizational units:
Right-click the OU and select "Delete".
To import organizational units from a directory server:
In the console, click Clients, and under Clients, select the group to which you want to add the organizational unit.
Under Tasks, click Import Organizational Unit or Container.
In the Domain drop-down list, choose the directory server name you created.
Select either the domain or a subgroup.
- Test ODBC connection: failed -> fixed but the issue was still there.
- Tried to remove/create again settings for Active Directory, use another DC: same issue.
- Tried to remove two OU then import them back: same issue.
- Tried to synchronize OU at different level of group tree in SEPM: same issue.
- Tried to use URL to clean clients: same issue.
- Check AD status following Microsoft KB: correct.
Imported Document ID: TECH147382