-
- Expert
- Posts: 120
- Liked: 7 times
- Joined: Apr 08, 2022 4:08 pm
- Full Name: e
- Contact:
Feature Request: option to auto-delete agents that have been removed from Active Directory
I know you can turn on exclusions to remove an agent that hasn't been Inventory scanned after 30 days. This option would be more prompt, in that it would do it as soon as it detects the system has been removed from AD. (Or, perhaps you just don't want it deleted unless it is gone from AD, even if it hasn't been seen by Veeam for 30+ days).
You'd still have the backup remaining in the Disk area (unless the 'remove deleted items after X days' option has been enabled).
You'd still have the backup remaining in the Disk area (unless the 'remove deleted items after X days' option has been enabled).
-
- Product Manager
- Posts: 9848
- Liked: 2607 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Hi Edison
I'm sorry for the late answer and thanks for the request.
I tested the scenario in my active directory. When I remove a computer object from the targeted organization unit, it will be removed from the protection group. Is this behavior not similar to your feature request? When a VM gets removed from the OU, and the Agent is also removed in the VBR console?
Do I have missed something?
Thanks
Fabian
I'm sorry for the late answer and thanks for the request.
I tested the scenario in my active directory. When I remove a computer object from the targeted organization unit, it will be removed from the protection group. Is this behavior not similar to your feature request? When a VM gets removed from the OU, and the Agent is also removed in the VBR console?
Do I have missed something?
Thanks
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 120
- Liked: 7 times
- Joined: Apr 08, 2022 4:08 pm
- Full Name: e
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Thanks Fabian. Er, sorry about that. I guess it appeared for a short time, that agents were not disappearing here when I did the same, but I believe you are correct. Feel free to delete this thread if you are able. : )
-
- Expert
- Posts: 120
- Liked: 7 times
- Joined: Apr 08, 2022 4:08 pm
- Full Name: e
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Ok now I'm confused. I have been chatting with Mycah on the support team. I had said:
me: "if people add machines to an OU (that is in a protection group in Veeam), and they delete those machines from that protected OU later, those objects will stick around indefinitely, unless you also manually "remove from configuration"?"
Mycah: "a machine picked up by Veeam via OU or some other group membership will not get removed from the protection group automatically by default, unless you have an exclusion set up that would then apply and force its removal from the protection group that way.
For instance, there is an option in the exclusions to force the removal of any computer that has been offline for 30 days. Enabling this exclusion would automatically remove any computer that was removed from AD 30 days after it no longer logs in to AD.
Alternatively, you could set up an exclusion for a group or OU for decommissioned computers and instead of immediately deleting the AD object, it could be moved to that special exclusion group/OU, which would also force it out of the protection group in Veeam.
So while the base option does not automatically remove it, you can still have it be removed automatically by using the exclusions."
?
me: "if people add machines to an OU (that is in a protection group in Veeam), and they delete those machines from that protected OU later, those objects will stick around indefinitely, unless you also manually "remove from configuration"?"
Mycah: "a machine picked up by Veeam via OU or some other group membership will not get removed from the protection group automatically by default, unless you have an exclusion set up that would then apply and force its removal from the protection group that way.
For instance, there is an option in the exclusions to force the removal of any computer that has been offline for 30 days. Enabling this exclusion would automatically remove any computer that was removed from AD 30 days after it no longer logs in to AD.
Alternatively, you could set up an exclusion for a group or OU for decommissioned computers and instead of immediately deleting the AD object, it could be moved to that special exclusion group/OU, which would also force it out of the protection group in Veeam.
So while the base option does not automatically remove it, you can still have it be removed automatically by using the exclusions."
?
-
- Product Manager
- Posts: 9848
- Liked: 2607 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
I have done two tests with OU based protection groups:
Test 1 - Move to another OU
1) Removed computer object from OU LAB (moved to OU computers)
2) Rescanned AD based protection group
--> The machine is not visible anymore in the protection group
Test 2 - Removed from AD
1) Deleted the computer object completely from active directory
2) Rescanned AD based protection group
--> The machine is not visible anymore in the protection group
Just a rescan in my lab and the machine was removed from the protection group.
The agent doesn't get removed from the machine, but it will be removed from the VBR configuration database.
But that shouldn't matter in your case. If you delete the machine from the active directory, it's gone for good.
Could you please share with me the ticket number? I want to check with support about their statement to make sure that there are no misunderstandings.
Thanks
Fabian
Test 1 - Move to another OU
1) Removed computer object from OU LAB (moved to OU computers)
2) Rescanned AD based protection group
--> The machine is not visible anymore in the protection group
Test 2 - Removed from AD
1) Deleted the computer object completely from active directory
2) Rescanned AD based protection group
--> The machine is not visible anymore in the protection group
Just a rescan in my lab and the machine was removed from the protection group.
The agent doesn't get removed from the machine, but it will be removed from the VBR configuration database.
But that shouldn't matter in your case. If you delete the machine from the active directory, it's gone for good.
Could you please share with me the ticket number? I want to check with support about their statement to make sure that there are no misunderstandings.
Thanks
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 120
- Liked: 7 times
- Joined: Apr 08, 2022 4:08 pm
- Full Name: e
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Hello. It is - #05683789. Thanks : )
-
- Product Manager
- Posts: 9848
- Liked: 2607 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Thanks for the case number.
My contact in our support team is currently out of office.
I'll update the topic as soon I got my answer.
My contact in our support team is currently out of office.
I'll update the topic as soon I got my answer.
Product Management Analyst @ Veeam Software
-
- Product Manager
- Posts: 9848
- Liked: 2607 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Feature Request: option to auto-delete agents that have been removed from Active Directory
Hi Edison
Thank you for your patience.
I have discussed the case with our support team. Our statement in the support case was not correct. There was unfortunately a small bit of misinformation that was found which we have already corrected to avoid further confusion.
Correct is what we have proven with a test in this topic:
--> Machines removed from active directory or moved to non-protected organizational units will automatically disappear in an AD based protection group after a rescan.
Best regards
Fabian
Thank you for your patience.
I have discussed the case with our support team. Our statement in the support case was not correct. There was unfortunately a small bit of misinformation that was found which we have already corrected to avoid further confusion.
Correct is what we have proven with a test in this topic:
--> Machines removed from active directory or moved to non-protected organizational units will automatically disappear in an AD based protection group after a rescan.
Best regards
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: Majestic-12 [Bot] and 95 guests