Endpoint Protection

Expand all | Collapse all

How do I break the AD inheritance after import?

  • 1.  How do I break the AD inheritance after import?

    Posted 14 days ago
    We just imported several OUs from AD into our SEPM console, but we can't do anything with the devices inside the imported OUs.  We'd like to break it away from AD so we can at least move the devices from one OU to another in the SEPM console but know that they are accounted for.

    Thanks,
    Dan

    ------------------------------
    BC Liquor Distribution Branch
    ------------------------------


  • 2.  RE: How do I break the AD inheritance after import?

    Posted 13 days ago
    It's not possible to move the systems from one OU to other when synced with AD. The only way is to move systems on AD side else remove the Ad sync completely in SEPM.


  • 3.  RE: How do I break the AD inheritance after import?

    Posted 10 days ago
    It is true that you can't move clients from a SEPM group generated by importing OUs from AD.  However, you can copy them to a different group (a custom group that you created manually, NOT by importing from AD).  The next time the client has a heartbeat with the SEPM, it will receive the new group assignment (and all of the policies and settings you have configured on the new group).

    There will still be a placeholder record in the AD-generated group, but the "active" assignment will be the new group.  If at some point you want to return the active assignment to the AD-generated group, you "delete" the copied client.  The next time it has a heartbeat with a SEPM, the client will show as active in the AD-generated group.

    Does this help?