Endpoint Protection

  • 1.  How do I break the AD inheritance after import?

    Posted May 21, 2020 03:20 PM
    We just imported several OUs from AD into our SEPM console, but we can't do anything with the devices inside the imported OUs.  We'd like to break it away from AD so we can at least move the devices from one OU to another in the SEPM console but know that they are accounted for.

    Thanks,
    Dan

    ------------------------------
    BC Liquor Distribution Branch
    ------------------------------


  • 2.  RE: How do I break the AD inheritance after import?

    Posted May 22, 2020 03:51 PM
    It's not possible to move the systems from one OU to another when synced with AD. The only way is to move the systems on the AD side, or else remove the AD sync completely in SEPM.


  • 3.  RE: How do I break the AD inheritance after import?

    Broadcom Employee
    Posted May 26, 2020 10:52 AM
    It is true that you can't move clients from a SEPM group generated by importing OUs from AD.  However, you can copy them to a different group (a custom group that you created manually, NOT by importing from AD).  The next time the client has a heartbeat with the SEPM, it will receive the new group assignment (and all of the policies and settings you have configured on the new group). 

    There will still be a placeholder record in the AD-generated group, but the "active" assignment will be the new group.  If at some point you want to return the active assignment to the AD-generated group, you "delete" the copied client.  The next time it has a heartbeat with a SEPM, the client will show as active in the AD-generated group.

    Does this help?