Orphaned Objects
To begin a cleanup, the database starts with what are known as "Orphaned" objects.
These are objects that exist in the Object Directory; they are not visible in the Endpoint Encryption Manager
GUI.
From the Endpoint Encryption Manager console, you can run Group scan found under Groups menu. The
preferred method though is to use the command line tool as the process can be automated.
The second step is to use the cleanup commands. These will try to fix the objects or delete them if they cannot
be fixed. The cleanup commands use a cautious approach when deleting objects, so an object might not be
deleted even if it is unusable.
In such a scenario the DumpMachineDesc command should be redirected to a file such as DumpMachine.log
to dump the objects that do not respond properly. The broken objects in the DumpMachine.log can be deleted
from the database. If the normal deletion process does not work, use Microsoft Windows Explorer to browse
to the actual location in the database and delete the physical folder. Note: make sure you have a full backup of
SBDATA before doing this.
Restore Commands
To restore orphaned user objects back into a group, use this command:
SBADMCL ‐Command:RestoreUsers ‐Adminuser:Admin ‐Adminpwd:mypassword ‐Group:"Orphaned Users" ‐
Database:"Customer database"
Where "Orphaned Users" is a user group you have made to hold them (or can be another group).
To restore orphaned machine objects back into a group, use this command:
SBADMCL ‐Command:RestoreMachines ‐Adminuser:Admin ‐Adminpwd:mypassword ‐Group:"Orphaned
Machines" ‐Database:"Customer database"
Please note that these commands are database intensive processes, so run these commands during non
working hours only, or, do it per group during daytime if the groups are small.
Cleanup Commands
These two processes have to be done per group, so could be done during daytime if the groups are small. It
could be automated running through a CSV file with user groups.
To cleanup corrupted User objects use this command:
SBADMCL ‐Command:CleanupUserGroup ‐Adminuser:Admin ‐Adminpwd:mypassword ‐Group:"My Laptop
Users" ‐Database:"Customer database"
To cleanup corrupted Machine objects use this command:
SBADMCL ‐Command:CleanupMachineGroup ‐Adminuser:Admin ‐Adminpwd:mypassword ‐Group:" EndPoint
Encryption Machines" ‐Database:"Customer database"
21