Recommended Approach
Use Multiple Connection Base DNs to Include Only Desired OUs
To effectively exclude the "Disabled Computers" OU from synchronization, configure multiple AD synchronization connections that explicitly specify the base Distinguished Names (DNs) of the OUs you want to include. This whitelist approach prevents unwanted OUs from syncing.
Step-by-Step Configuration
-
Access the TrendAI Vision One™ Console
- Log in to your TrendAI Vision One™ management console with appropriate administrative privileges.
-
Navigate to the Active Directory Synchronization Settings
- Go to Workflow and Automation->Third Party Integrations->Active Directory (On-Premises)-Click one configured AD->Base Distinguished Name->Specific
-
Create Multiple AD Sync Connections for Each Allowed OU
- Add a new connection for each OU you want to sync, specifying its base DN explicitly.
- Example:
- Connection 1:
OU=Engineering,OU=IT
- Connection 1:
-
Save and Apply the Configuration
- Confirm and save the changes.
- Trigger a manual synchronization to verify the new settings.
-
Verify Exclusion of Disabled Computers OU
- After synchronization completes, check the unmanaged endpoints list.
- Confirm that endpoints from the "Disabled Computers" OU no longer appear.
Additional Notes
- This method requires defining all OUs you want to sync, so plan accordingly.
- If your environment frequently changes OUs, maintain the connection list to keep sync accurate.
- The Trend Vision One built-in AD sync feature currently does not support OU exclusion filters; this whitelist method is the recommended workaround.
If further assistance is needed, contact TrendAI™ Technical Support with your AD sync configuration details.
Related Documentation
-
For detailed steps on adding and managing Active Directory computers in TrendAI Vision One™, see the Add Active Directory computers guide.
-
To understand the necessary permissions for the Active Directory service account used in synchronization, refer to Active Directory permissions.