Symantec Endpoint Encryption 8

I am running Symantec Endpoint Encryption 8 on our network. I took over the project from another Engineer who left. I am looking to clean up the console and delete any stale computers that haven't checked in. I'm concerned as I've read some docuementation that the product has tie-ins to AD that if I delete the computer from SEE, it will actually delete the computer object from AD. Is that true? In most cases this wouldn't be an issue as these machines are probably dead anyways but sometimes the computer names are reused on new hosts that are no longer using SEE. What is the backend process that SEE goes through when you right click-delete a computer from the SEE console? Thank you!
LVL 1
jbla9028Asked:
Who is Participating?
 
btanExec ConsultantCommented:
Yes it should if sync is setup properly. It is the same the other way round where AD delete the computer object as you can see in the link below. Basically it is two resp tables in their respective SQL DB (ie. dbo.ADComputers table and dbo.Computers table of SEEMSdb SQL db) sync-ing
 https://support.symantec.com/en_US/article.TECH200812.html

The normal sequence that I understand is
1. In SEE Manager, go to your OU and delete the computer object.
2. Wait for AD to replicate the object deletion, then wait for the SEE Manager to sync with Active Directory. (Alternatively, you can use the sync now option of the Configuration Manager.)
3. The computer should show up in SEE Unassigned Group. Once this occurs delete the computer from SEE Unassigned.
4. The computer will now show up in Deleted Computers. The computer should be removed from SEE when the management server syncs with AD again (at times, if this doesn't happens for whatever reasons and remain "permanent", (sadly) manually triggering off a re-sync of your tables).

Do note - if you find any issue removing any client entry in the table for SEE db, that can mean some other dbo is still using this string so do act with care and seek your DB admin advices. But there always seems to have hiccup in re-sync like in this case too. In short always attempt to do from central rather than at workstation setting but it is good to verify at both end  (which the entries are found in the resp tables) e.g.  http://www.symantec.com/connect/forums/symantec-endpoint-encryption-active-directory-sync-issue

Other ref for info
: Configure the Symantec Endpoint Encryption Management Server for sync  https://support.symantec.com/en_US/article.HOWTO101973.html
: Testing AD Synchronization with Symantec Endpoint Encryption Full Disk
https://support.symantec.com/en_US/article.TECH200812.html
0
 
jbla9028Author Commented:
Thx!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.