How to rebuild PM structure by sync with AD

Hello all,


We use an installation with ~50 PCs and some servers (most WIN, few Linux) with Policy Manager 14.

My aim is to sync the existing Policy Manager structure with AD.
I take over the job from a former colleague and would like to reorganize.

How can I do this? What's the best way?

Save the policy of a device into a file, remove all devices, sync with AD and associate the saved file?



Best Answer

  • A-Grinkevitch Posts: 162 F-Secure Employee
    Accepted Answer

    Hello Ulus,


    Even though it is possible to export a host policy file, there are no means to import it back to the Policy Manager at the moment. It can be used for client software only.

    Host-specific policies would not be lost unless the host is removed from the domain tree. Indeed, that may happen, as AD sync removes hosts from the domain tree if they do not belong to the specified AD container. So, I’d suggest the following sequence:

    • stop and remove all existing AD Sync rules (if any);
    • move hosts to temporary policy domain before you start domain structure changes;
    • reorganise your domain tree;
    • create new rules.

    Later AD sync will move hosts to proper locations, preserving policy overrides. Of course, once moved, the host inherits non-overridden policies from the domain...



