Re: Associating AD user with Policies
Thanks for your help so far.
I might be asking the same question over again, but I need to understand how the policy associations could work for our company, as we are in an Eval stage and trying to select an endpoint solution.
I have tested your recommendations, but the results came out different to what I expected.
User3 never logged in before. Assigned to AD group Endpoint2 which should get Policy2
When logged in the user got Policy2 which is correct. It also imported the user into the MC (as an individual user) and is listed at the bottom of the Directory List under the Publish tab.
I hovered over the top of both Endpoint2 and User3 = Both have Policy2 (Which is correct).
Moved User3 to AD group Endpoint1 = Policy 1
Checked for update and User3 was still getting Policy2 (No change. This is working as expected, as you explained)
Logged off and on again (No Change to the Policy. This is working as expected, as you explained)
Made a change to Policy1 and Re-Published it to AD group Endpoint1.
This should mean that my User3 should be punished with Policy1. (as detailed in your previous response).
Unfortunately User3 still had the Policy2 (No change).
Then I hovered over the Endpoint1 and user3 ------ Endpoint1 = Policy1 (Correct) and User3 = Policy2 (Not correct)
This gave me the impression that although I re-published the policy to the AD group, it was not applied to users that had already logged in and been assigned a previous policy.
So this time I published Policy1 to the individual user at the end of the list and the correct policy (Policy1) was applied.
It looks like once a user has been Registered and imported into the MC, it only uses AD groups once (on import). Once the user then exists within MC the policy assignment needs to take place at an individual entity (User) level. Is this correct ?
|
Threaded Mode
