Client Management Suite

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

Hi Tal - have you enabled Directory Synchronization? 


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

Because I am seeing computers being added to the NS when a create a new object in AD, I am assuming the AD import is alive and well. I add computers to NS in two ways; AD import and manually enabling the Altiris Agent Install Service within windows. Maybe the AD Import is more complicated than I thought. Does the AD import treat managed computers differently than unmanaged computers? Or is the AD Sync based on the discovery method?
Original Message:
Sent: Aug 10, 2022 02:50 AM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hi Tal - have you enabled Directory Synchronization?


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

Yes - AD synch will remove computers no longer in AD that were never managed (never had an agent). 
If they had an agent, and you would like those to be purged, you can use Purging Maintenance configured to meet your objectives. However, it is based on the amount of time that has elapsed since a managed computer's agent last communicated with the NS. 
To see Purging Maintenance, go to Settings > All Settings > Notification Server > Purging Maintenance. See the bottom section, "Purge computers managed by this NS, ..."


Original Message:
Sent: Aug 10, 2022 02:19 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Because I am seeing computers being added to the NS when a create a new object in AD, I am assuming the AD import is alive and well. I add computers to NS in two ways; AD import and manually enabling the Altiris Agent Install Service within windows. Maybe the AD Import is more complicated than I thought. Does the AD import treat managed computers differently than unmanaged computers? Or is the AD Sync based on the discovery method?
Original Message:
Sent: Aug 10, 2022 02:50 AM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hi Tal - have you enabled Directory Synchronization?


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

So it looks like I do not have AD Sync turned on and Purging Maintenance auto-scheduled.
I want the count of computers to be as real-time as possible. We have Toughbooks and Road Warriors that may connect to NS monthly. I do not want those managed computers purged, but I do want the managed computers deleted in AD purged on the NS asap.  Do I need to write an external script that checks AD and then updates the CMDB/SQL-DB?
Am I reading the Purge Maintenance workflow correctly?:
Original Message:
Sent: Aug 10, 2022 02:28 PM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Yes - AD synch will remove computers no longer in AD that were never managed (never had an agent).
If they had an agent, and you would like those to be purged, you can use Purging Maintenance configured to meet your objectives. However, it is based on the amount of time that has elapsed since a managed computer's agent last communicated with the NS.
To see Purging Maintenance, go to Settings > All Settings > Notification Server > Purging Maintenance. See the bottom section, "Purge computers managed by this NS, ..."


Original Message:
Sent: Aug 10, 2022 02:19 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Because I am seeing computers being added to the NS when a create a new object in AD, I am assuming the AD import is alive and well. I add computers to NS in two ways; AD import and manually enabling the Altiris Agent Install Service within windows. Maybe the AD Import is more complicated than I thought. Does the AD import treat managed computers differently than unmanaged computers? Or is the AD Sync based on the discovery method?
Original Message:
Sent: Aug 10, 2022 02:50 AM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hi Tal - have you enabled Directory Synchronization?


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

Tal,

The Retire and Delete settings are not sequenced, but absolute values.  Noting that you have systems that are offline for a month, you may not want to Retire nor delete systems that will come back online.  I'd recommend Retire in 45 days, and Delete in 90 days.

For AD Sync, you can have that run daily to delete systems that have never been managed that are now deleted from AD.  Once the system has been managed (agent installed) the Purge Maintenance settings will be used to delete the system.

• I do not want those managed computers purged, but I do want the managed computers deleted in AD purged on the NS asap. 

You would need to write a custom Task to do this.  You can add these systems to ItemToDelete using a 'Run script on Server' task.  Here is a sample query: 

• insert into itemtodelete
• select Guid, GETDATE()
• from item where guid = '<guid>'

Hope that helps.
Original Message:
Sent: Aug 11, 2022 08:28 AM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

So it looks like I do not have AD Sync turned on and Purging Maintenance auto-scheduled.
I want the count of computers to be as real-time as possible. We have Toughbooks and Road Warriors that may connect to NS monthly. I do not want those managed computers purged, but I do want the managed computers deleted in AD purged on the NS asap.  Do I need to write an external script that checks AD and then updates the CMDB/SQL-DB?
Am I reading the Purge Maintenance workflow correctly?:

Purge computers managed by this NS, which have not reported data for:

Retire in:
Retire the computers. All data will remain in the database. But these computers will no longer be managed by the Notification Server.
Delete in:
Delete the computers and all associated data from the database.

Does this mean, If the computers have not communicated to the NS in 6 days, then retire the computer? If the computer has been retired for 9 days, then delete it?

Original Message:
Sent: Aug 10, 2022 02:28 PM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Yes - AD synch will remove computers no longer in AD that were never managed (never had an agent).
If they had an agent, and you would like those to be purged, you can use Purging Maintenance configured to meet your objectives. However, it is based on the amount of time that has elapsed since a managed computer's agent last communicated with the NS.
To see Purging Maintenance, go to Settings > All Settings > Notification Server > Purging Maintenance. See the bottom section, "Purge computers managed by this NS, ..."


Original Message:
Sent: Aug 10, 2022 02:19 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Because I am seeing computers being added to the NS when a create a new object in AD, I am assuming the AD import is alive and well. I add computers to NS in two ways; AD import and manually enabling the Altiris Agent Install Service within windows. Maybe the AD Import is more complicated than I thought. Does the AD import treat managed computers differently than unmanaged computers? Or is the AD Sync based on the discovery method?
Original Message:
Sent: Aug 10, 2022 02:50 AM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hi Tal - have you enabled Directory Synchronization?


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2

Hello All, I did find a script that was posted in this community in the year 2012. It is a VBS script that I have scheduled to run once a day on my NS.
It appears to be doing what I need it to do, but only time will be the true test. The ComputerList.txt needs to be in the same directory as the VBS.

On Error Resume Next

AltirisNSServer = "Enter the Name of the Altiris Server"

Set itemManagement = CreateObject("Altiris.ASDK.NS.ItemManagement")
itemManagement.TargetServer = AltirisNSServer
itemManagement.Authenticate()

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set InputList = objFSO.OpenTextFile ("CompList.txt", 1, False)
CompCount = 0
Do until InputList.AtEndOfStream
Err.Clear
CompName = InputList.ReadLine
' WScript.Echo Compname
If CompName <> "" Then
GUIDList = itemManagement.GetItemsByNameAndType(CompName, "Computer")
If UBound(GUIDList) > -1 Then
for each GUID in GUIDList
itemManagement.DeleteItem(GUID)
' If Err.Number <> 0 Then WScript.Echo "Deleting: " & GUID
Next
End If
Err.Clear
End If
Loop
WScript.Echo "Done"
InputList.Close
Original Message:
Sent: Aug 11, 2022 01:44 PM
From: Roy Brooksby
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Tal,

The Retire and Delete settings are not sequenced, but absolute values.  Noting that you have systems that are offline for a month, you may not want to Retire nor delete systems that will come back online.  I'd recommend Retire in 45 days, and Delete in 90 days.

For AD Sync, you can have that run daily to delete systems that have never been managed that are now deleted from AD.  Once the system has been managed (agent installed) the Purge Maintenance settings will be used to delete the system.

• I do not want those managed computers purged, but I do want the managed computers deleted in AD purged on the NS asap. 

You would need to write a custom Task to do this.  You can add these systems to ItemToDelete using a 'Run script on Server' task.  Here is a sample query:

• insert into itemtodelete
• select Guid, GETDATE()
• from item where guid = '<guid>'

Hope that helps.
Original Message:
Sent: Aug 11, 2022 08:28 AM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

So it looks like I do not have AD Sync turned on and Purging Maintenance auto-scheduled.
I want the count of computers to be as real-time as possible. We have Toughbooks and Road Warriors that may connect to NS monthly. I do not want those managed computers purged, but I do want the managed computers deleted in AD purged on the NS asap.  Do I need to write an external script that checks AD and then updates the CMDB/SQL-DB?
Am I reading the Purge Maintenance workflow correctly?:

Purge computers managed by this NS, which have not reported data for:

Retire in:
Retire the computers. All data will remain in the database. But these computers will no longer be managed by the Notification Server.
Delete in:
Delete the computers and all associated data from the database.

Does this mean, If the computers have not communicated to the NS in 6 days, then retire the computer? If the computer has been retired for 9 days, then delete it?

Original Message:
Sent: Aug 10, 2022 02:28 PM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Yes - AD synch will remove computers no longer in AD that were never managed (never had an agent).
If they had an agent, and you would like those to be purged, you can use Purging Maintenance configured to meet your objectives. However, it is based on the amount of time that has elapsed since a managed computer's agent last communicated with the NS.
To see Purging Maintenance, go to Settings > All Settings > Notification Server > Purging Maintenance. See the bottom section, "Purge computers managed by this NS, ..."


Original Message:
Sent: Aug 10, 2022 02:19 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Because I am seeing computers being added to the NS when a create a new object in AD, I am assuming the AD import is alive and well. I add computers to NS in two ways; AD import and manually enabling the Altiris Agent Install Service within windows. Maybe the AD Import is more complicated than I thought. Does the AD import treat managed computers differently than unmanaged computers? Or is the AD Sync based on the discovery method?
Original Message:
Sent: Aug 10, 2022 02:50 AM
From: Chris Farrell
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hi Tal - have you enabled Directory Synchronization?


Original Message:
Sent: Aug 09, 2022 05:04 PM
From: TAL FISHER
Subject: AD import adds computers but will not auto remove from AD. Is that right.

Hello all, I want the NS to remove/delete computers when the computer has been deleted from AD. The import to add or populate works, but not the deletion aspect of the AD import. How do I enable deletion within ITMS? I understand there will be human errors (or accidental deletions) so I need the  AD import to occur once every 2 to 4 hours. Or is that too much to ask?
I am on version 8.6.3268
Symantec™ Management Platform Version 8.6 RU2