I am having an FortiEMS AD sync issue that is similar to some other AD sync issues I found in this forum but the actual question is different. FortiClientFortiManager
Why can't my AD sync update the OUs/Groups in my FortiEMS directory?
If I change a PC name and it updates on local AD and I run a sync between EMS and AD, nothing happens. The endpoint is moved to workgroup and the old PC name hangs out in the correct OU/group in EMS (even though the device name updated and was not net new in AD). Why is that? Please don't tell me I need to delete the domain and sync from scratch anytime I make changes to AD structure, names, or names of users or devices
You will see in screenshots: 3 generic desktop names in the correct OU but the new names of the desktop were assigned to the right users but put into the workgroup in FortiEMS. So it seems there are 2 different records now for the 3 Windows devices.
In AD you will see just one set of 3 devices in the proper OU. Not sure why the AD sync wouldn't grab these details automatically?
Workgroup with new PC namesEMS directory with old PC namesAD Group
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.