[KB7819] Managing computers using Active Directory synchronization in ESET PROTECT On-Prem (Windows)

Issue

  • Manage computers via Active Directory synchronization in ESET PROTECT On-Prem

Solution

  1. Prerequisites
  2. View unmanaged client computers in Active Directory
  3. Remove client computers that are no longer available or disabled in Active Directory
  4. Remove duplicate computers automatically

I. Prerequisites

  • ESET PROTECT Server installed
  • Network infrastructure using Active Directory

II. View unmanaged client computers in Active Directory

Synchronize ESET PROTECT On-Prem with Active Directory:

Read our Knowledgebase article about Active Directory synchronization in ESET PROTECT On-Prem.

After the Active Directory computers are synchronized to ESET PROTECT Web Console, you can filter computers that are not managed by ESET by filtering them in a generated report.

  1. Open ESET PROTECT On-Prem in your web browser and log in.
  1. Select ReportsNew Report Template.
Figure 1-1
  1. In Basic, type the Name of the report template and select the Computers category.

Figure 1-2
  1. Click Chart and select the check box under Display Table.

Figure 1-3
  1. Click Data Add Column.

Figure 1-4
  1. Select ComputerComputer name. Click Add Column and select ComputerManaged computer.

  2. Click Finish.

Figure 1-5
  1. Find the report you have created, click the gear icon and select Generate Now.

Figure 1-6
  1. You can see the unmanaged computers marked as 'no' or you can click Generate and Download and download the report as a CSV file and filter the unmanaged computers in the report.

Figure 1-7

III. Remove client computers that are no longer available or disabled in Active Directory

You have two options for removing client computers that are no longer available or are disabled in Active Directory:

  1. Using the Static Group Synchronization server task: In the Settings section select Computer Extinction HandlingRemove.

    Figure 2-1
  2. Using the Delete Not Connecting Computers server task.


IV. Remove duplicate computers automatically

If there are two computers with the same name and they are both listed in the Computers section of ESET PROTECT Web Console, these duplicate records are most likely caused by the re-installation of the ESET Management Agent. Run the Delete Not Connecting Computers server task to remove the obsolete entry from ESET PROTECT Web Console.

To resolve computer name conflicts (duplicate computers) between computers already present in ESET PROTECT On-Prem and those added via Active Directory synchronization, use the Static Group Synchronization server task: In the Settings section, select Computer Creation Collision HandlingMove. A new computer with the same name as another already managed computer will be moved to a subgroup.

Figure 3-1