AD Sync - Remove Computers No Longer in AD
We have a ton of old computers listed that have been retired & removed from AD, but are still listed in Sophos. It would be nice if AD sync had an option to automatically clear these up.
If it's not in AD and it's not reporting as online (for 2 weeks) -> Purge.
We will have a new release of the ADSync tool before the end of June that will allow syncing of devices and device groups. Protected computers will not be removed from Central, but unmanaged/unprotected devices will if regular syncing is set up.
Unfortunately, issues were found with this feature at release and it was withdrawn. The team are looking at the issues now, but a release is not expected until later in 2020.
Jim Nordahl commented
It's well past the end of June. What is the current status of this new ADSync tool (and the reverse delete feature)? Simply an option to purge after a period of inactivity would be a huge improvement.
We're planning to make device deletion reversible (i.e. mistakes can be undone) in future. Until that point we do not want to automatically delete devices, as mistakes require a reinstall of the machine(s).
Admins can manually delete machines, and we have a backlog item (note: currently not planned) to offer some canned filters of the devices list view to allow easy selection of devices on/offline for different periods of time. For example: filter for machines offline >30 days, then select all and delete.