Computers that are deleted from Active Directory are not being deleted from the database after an AD Import

Article ID: 162549


Products

Client Management Suite

Issue/Introduction

Computers that are deleted from Active Directory are not being deleted from the database (Symantec_CMDB) after an AD Import.

Environment

Symantec Management Platform 8.x.

Cause

There can be several reasons that Directory Synchronization for the Microsoft Active Directory Import rules may not be able to delete computers from the Symantec_CMDB database after being removed from Active Directory:

  • If the Import Rule that the computer was imported with no longer exists, the computer will not be removed.
  • If the computer was never imported by the Microsoft Active Directory Component, it will not be removed.
  • If there is no data in the "Global Active Directory Details" data class for the "Path" value, it will not be removed.
  • Directory Synchronization does not remove computers that are managed; it lets Purge Maintenance take care of those computers.

Resolution

Solutions:

  • If the Import Rule that was used to import computers has been deleted, see KB 151975 for a way to link resources to a new rule.
  • If data is missing in the "Global Active Directory Details" data class for the "Path" value, the computers will need to be deleted manually.
  • Purge Maintenance will remove computers that have become managed.

The following query can be used as a report or run directly from SQL Management Studio to list the computers that will not be removed by Directory Synchronization, along with the reason why.

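-- Lists computers that Directory Synchronization will not delete, with the reason.
-- coalesce returns the first non-null value, so one reason is shown per computer,
-- checked in this order: Managed, No Active Rule, Missing OU Path.
select 
    a.Guid, 
    a.Name, 
    coalesce (a.[Managed State], a.[Has Associated Active AD Import Rule], a.[OU Path]) as 'Reason AD Sync will not delete'
from
    (
        select 
            r.Guid, 
            r.Name, 
            -- No import rule item is linked to this computer
            [Has Associated Active AD Import Rule] = 
            case 
                when COUNT (i.Guid) = 0 then 'No Active Rule'
                else null
            end, 
            -- No "Path" value in the "Global Active Directory Details" data class
            case 
                when ad.[Path] is null then 'Missing OU Path'
                else null
            end as 'OU Path',
            -- Managed computers are left to Purge Maintenance
            case 
                when IsManaged = 1 then 'Managed'
                else null
            end as 'Managed State'
        from vRM_Computer_Item r
        left join Inv_Import_Rule_Imported_Items ii on ii._ResourceGuid = r.Guid
        left join Item i on i.Guid = ii.ImportRuleGuid
        left join Inv_Global_Active_Directory_Details ad on ad._ResourceGuid = r.Guid
        group by r.Guid, r.Name, IsManaged, ad.[Path]
        -- Keep only computers that match at least one of the three conditions
        having COUNT (i.Guid) = 0
        or IsManaged = 1
        or ad.[Path] is null
    ) a
-- Sort by the reason column
order by 3 desc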