cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 10
‎07-20-2019 09:48 AM

synchronize AD groups with ePO groups

Hi,

Is it possible to synchronize AD groups with ePO groups? Because we have got domain policies enforced on OUs. In ePO we also have got different policies which should be enforced on different groups and we have got same groups in AD. What I need is to synchronize AD groups (which are under AD OUs) with ePO groups. Is it possible or should I do it manually?

Thanks,

Trellix ePolicy Orchestrator 

Trellix ePolicy Orchestrator
Trellix
Trellix ePolicy Orchestrator
McAfee Enterprise Products
View in Store
0 Kudos
Reply
9 Replies
cdinet
Employee
Employee
Report Inappropriate Content
Message 2 of 10
‎07-22-2019 05:14 AM

Re: synchronize AD groups with ePO groups

There is an option in ad sync settings to pull systems and system tree structure.  This will mirror your AD group in epo system tree.  Be very careful doing this, if your systems are in a different system tree structure.  What I would suggest before doing that is to turn off the epo server service (apache) on epo and any agent handlers to prevent clients from getting any policy changes.  Then you can run your ad sync and once that reorganizes your system tree, make sure all the right policies and tasks are assigned properly.  Then you can turn apache back on.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 10
‎07-22-2019 05:46 AM

Re: synchronize AD groups with ePO groups

@cdinet 

Thank you for your reply.

I seem not to be able to find the option you are referring to. Could you please let me know what option and where allows us to "pull systems and system tree structure"?

Thank you in advance.

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 4 of 10
‎07-22-2019 05:55 AM

Re: synchronize AD groups with ePO groups

adsync.png

That is the option checked that I am referring to.  You would choose systems and container structure, then second option move systems from current system tree location as I have checked.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 10
‎07-27-2019 08:06 AM

Re: synchronize AD groups with ePO groups

@cdinet 

Thank you so much for your guide.

To me it seems that I am doing something wrong. If you kindly take a look at the screenshot attached I have got two groups in the root of AD but they are not synced at all. Could you please let me know what I am misunderstanding here?

Thank you in advance.gz_ad.jpg

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 6 of 10
‎07-29-2019 05:39 AM

Re: synchronize AD groups with ePO groups

Which specific group names are you referring to? 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 10
‎07-29-2019 08:29 AM

Re: synchronize AD groups with ePO groups

@cdinet 

I have got only two groups, "allow-usb" and "test-dlp" as you might see in the bottom of the picture. I want these two groups to be synced with McAfee System Tree.

Thank you

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 8 of 10
‎07-29-2019 09:04 AM

Re: synchronize AD groups with ePO groups

Those are user groups, not computers.  The AD sync in system tree only syncs computers.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 10
‎08-04-2019 05:39 AM

Re: synchronize AD groups with ePO groups

@cdinet 

Thank you for your reply.

So in that case groups cannot be synced at all and talking of groups is meaningless. Are there any other type of groups except what we see in my picture?

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 10 of 10
‎08-12-2019 10:00 AM

Re: synchronize AD groups with ePO groups

Any AD group can be synced with the AD sync task, but they must be computer groups, not users. The AD sync can only sync computers, not users. That is a completely different task and purpose to sync ldap users. But for the ad sync in the system tree, it only looks for systems. If there are no systems in a group, it will not sync that group.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC