Knowledge Center

Active Directory Sync populates machines to unexpected locations in the ePolicy Orchestrator System Tree
Technical Articles ID:   KB88887
Last Modified:  9/15/2017


McAfee ePolicy Orchestrator (ePO) 5.x


While performing an Active Directory (AD) sync as the Owner User, the System Tree displays incorrect information regarding the machine's location in AD. All of the following conditions are also true:
  • This happens to machines with or without an agent installed.
  • Deleting and recreating the LDAP registered server does not resolve the issue.
  • Aliases for AD are not in use.
  • There are no duplicate object names in the domain. 
  • Multiple merging points are added in the "Containers" section on the AD Sync page.
The orion.log only records the following:

2016-11-22 09:45:07,204 WARN  [http-nio-8445-exec-9] command.SyncNowCommand  - a command of type com.mcafee.epo.computermgmt.ui.command.SyncNowCommand should have its resource property set


The issue is caused when multiple merging points are added in the "Containers" section on the AD Sync page.

While merging multiple tree structures, it overwrites the parent container location, causing the LDAP location details to be lost.


This issue is resolved in ePO 5.3.3, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Rate this document


This article is available in the following languages:

English United States

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.