AD OU Group Not Up To Date

[mjolly803]

In the Management Console, we added a group via the 'Add AD OU as Group...' and are noticing that the clients listed in the group are not up to date with the computer objects in the AD OU itself.  The AD sync settings are configured to occur every hour and we do not see any failures in that process.  How can we make sure the group in the Malwarebytes Console stays up to date with the OU in AD?

[KDawg]

Hello welcome to our Business Forums mjolly

The AD sync is automatic as you mention and should be occurring regularly on your scheduled interval, we also have an option to "sync now"

Are you seeing items missing that should be there or additional items not being removed? We would want to ensure these match the AD list exactly which is the expected behaviour.

Any screen captures of the discrepancies would be helpful to our troubleshooting. 

 

[mjolly803]

Attached are a couple examples.  The first one is a PC named 'GEORGEOFFICENEW' that was added to the AD and the OU in question (TMClients) on 9 Oct 2018 and is still not present in the console.  The second example is a PC named 'SUPPORT117NEW' which no longer exists in the OU (renamed I believe) but it still shows in the console.  Additionally, in the group Ungrouped Clients, we have two PC's (SUPPORT114 & SUPPORT117) listed as ungrouped, but they are a part of the OU in AD (example #3).

We debated removing the OU from the console then adding it back, but we were not sure of the full repercussions of that and we are speculating the issue is in the database and were unsure if removal of the OU group would trigger the clean out of all those associated records to then re-add the OU fresh.

[KDawg]

The Remove and Re-Adding of the OU should refresh these and ensure a sync.

As well on the same page, we should have a button to "Sync" the ad without needing to re-add.

I would recommend to try the Sync button first and to re-add if we still do not see those new endpoints.

Let us know if these do not bring these machines into the correct OU's?

[mjolly803]

We have previously tried the Sync button multiple times without success, so we went the remove and re-add route.  At this point, the list of clients in the console matches the OU in AD.  All the listed clients are showing in an Unregistered status, but we will give that some time for the deployed client software to connect back and report status to the server.  

Thank you for the assistance thus far!