Symantec Endpoint Encryption 8

I am running Symantec Endpoint Encryption 8 on our network. I took over the project from another engineer who left. I am looking to clean up the console and delete any stale computers that haven't checked in. I'm concerned as I've read some documentation that the product has tie-ins to AD, such that if I delete the computer from SEE, it will actually delete the computer object from AD. Is that true? In most cases this wouldn't be an issue as these machines are probably dead anyways, but sometimes the computer names are reused on new hosts that are no longer using SEE. What is the backend process that SEE goes through when you right click-delete a computer from the SEE console? Thank you!
jbla9028 asked:

btan (Exec Consultant) commented:
Yes, it should if sync is set up properly. It is the same the other way round, where AD deletes the computer object, as you can see in the link below. Basically it is two respective tables in their respective SQL DB (i.e. the dbo.ADComputers table and the dbo.Computers table of the SEEMSdb SQL DB) syncing:
https://support.symantec.com/en_US/article.TECH200812.html

The normal sequence that I understand is
1. In SEE Manager, go to your OU and delete the computer object.
2. Wait for AD to replicate the object deletion, then wait for the SEE Manager to sync with Active Directory. (Alternatively, you can use the sync now option of the Configuration Manager.)
3. The computer should show up in SEE Unassigned Group. Once this occurs delete the computer from SEE Unassigned.
4. The computer will now show up in Deleted Computers. The computer should be removed from SEE when the management server syncs with AD again (at times this doesn't happen, for whatever reason, and the entry remains "permanent"; then, sadly, it means manually triggering a re-sync of your tables).

Do note - if you find any issue removing any client entry in the table for the SEE DB, that can mean some other dbo is still using this string, so do act with care and seek your DB admin's advice. But there always seems to be a hiccup in re-sync, like in this case too. In short, always attempt to do it from central rather than at the workstation setting, but it is good to verify at both ends (where the entries are found in the respective tables), e.g. http://www.symantec.com/connect/forums/symantec-endpoint-encryption-active-directory-sync-issue

Other ref for info
: Configure the Symantec Endpoint Encryption Management Server for sync https://support.symantec.com/en_US/article.HOWTO101973.html
: Testing AD Synchronization with Symantec Endpoint Encryption Full Disk https://support.symantec.com/en_US/article.TECH200812.html
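
Added example, not part of the original answer and not Symantec's own tooling: a pre-deletion check that looks up each stale SEE computer name in AD, so that names reused on live hosts are held back before step 1 of the sequence above. The function name, the 90-day threshold and the sample host names are assumptions; it requires the RSAT ActiveDirectory module.

```powershell
# Added example: check SEE deletion candidates against AD before deleting them.
# Assumption: the stale names come from your own SEE console review/export.
Import-Module ActiveDirectory

function Test-SeeDeletionCandidate {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$ActiveWithinDays = 90   # assumed staleness threshold, adjust to policy
    )
    $cutoff = (Get-Date).AddDays(-$ActiveWithinDays)
    foreach ($name in $ComputerName) {
        # Escape single quotes so an odd host name cannot break the filter string.
        $escaped = $name.Replace("'", "''")
        $found = @(Get-ADComputer -Filter "Name -eq '$escaped'" `
                    -Properties whenCreated, LastLogonDate, Enabled)
        if ($found.Count -eq 0) {
            [pscustomobject]@{
                Name = $name; InAD = $false; Created = $null
                LastLogon = $null; Enabled = $null
                Verdict = 'No AD object: nothing in AD depends on this entry'
            }
            continue
        }
        foreach ($ad in $found) {
            # LastLogonDate is derived from lastLogonTimestamp, which replicates
            # with a lag of up to about 14 days, so treat it as approximate.
            $recentLogon   = $ad.LastLogonDate -and $ad.LastLogonDate -ge $cutoff
            $recentCreated = $ad.whenCreated -ge $cutoff
            $verdict = if ($recentLogon -or $recentCreated) {
                'HOLD: AD object is active or recently created (name may be reused)'
            } else {
                'Stale in AD as well: candidate for deletion'
            }
            [pscustomobject]@{
                Name = $name; InAD = $true; Created = $ad.whenCreated
                LastLogon = $ad.LastLogonDate; Enabled = $ad.Enabled
                Verdict = $verdict
            }
        }
    }
}

# Constructed sample names, replace with the stale entries from your console.
$candidates = 'LAB-PC-014', 'HR-LT-203', 'OLD-KIOSK-01'
Test-SeeDeletionCandidate -ComputerName $candidates |
    Sort-Object Verdict | Format-Table -AutoSize -Wrap
```

Anything marked HOLD should be confirmed with the host's owner before the SEE entry is deleted, since the answer above indicates the deletion can propagate to the AD computer object.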
jbla9028 (Author) commented:
Thx!