21
Orphaned
Objects
To
begin
a
cleanup,
the
database
starts
with
what
are
known
as
“Orphaned”
objects.
These
are
objects
that
exist
in
the
Object
Directory;
they
are
not
visible
in
the
Endpoint
Encryption
Manager
GUI.
From
the
Endpoint
Encryption
Manager
console,
you
can
run
Group
scan
found
under
Groups
menu.
The
preferred
method
though
is
to
use
the
command
line
tool
as
the
process
can
be
automated.
The
second
step
is
to
use
the
cleanup
commands.
These
will
try
to
fix
the
objects
or
delete
them
if
they
cannot
be
fixed.
The
cleanup
commands
use
a
cautious
approach
when
deleting
objects,
so
an
object
might
not
be
deleted
even
if
it
is
unusable.
In
such
a
scenario
the
DumpMachineDesc
command
should
be
redirected
to
a
file
such
as
DumpMachine.log
to
dump
the
objects
that
do
not
respond
properly.
The
broken
objects
in
the
DumpMachine.log
can
be
deleted
from
the
database.
If
the
normal
deletion
process
does
not
work,
use
Microsoft
Windows
Explorer
to
browse
to
the
actual
location
in
the
database
and
delete
the
physical
folder.
Note:
make
sure
you
have
a
full
backup
of
SBDATA
before
doing
this.
Restore
Commands
To
restore
orphaned
user
objects
back
into
a
group,
use
this
command:
SBADMCL
‐
Command:RestoreUsers
‐
Adminuser:Admin
‐
Adminpwd:mypassword
‐
Group:"Orphaned
Users"
‐
Database:"Customer
database"
Where
“Orphaned
Users”
is
a
user
group
you
have
made
to
hold
them
(or
can
be
another
group).
To
restore
orphaned
machine
objects
back
into
a
group,
use
this
command:
SBADMCL
‐
Command:RestoreMachines
‐
Adminuser:Admin
‐
Adminpwd:mypassword
‐
Group:"Orphaned
Machines"
‐
Database:"Customer
database"
Please
note
that
these
commands
are
database
intensive
processes,
so
run
these
commands
during
non
working
hours
only,
or,
do
it
per
group
during
daytime
if
the
groups
are
small.
Cleanup
Commands
These
two
processes
have
to
be
done
per
group,
so
could
be
done
during
daytime
if
the
groups
are
small.
It
could
be
automated
running
through
a
CSV
file
with
user
groups.
To
cleanup
corrupted
User
objects
use
this
command:
SBADMCL
‐
Command:CleanupUserGroup
‐
Adminuser:Admin
‐
Adminpwd:mypassword
‐
Group:”My
Laptop
Users”
‐
Database:"Customer
database"
To
cleanup
corrupted
Machine
objects
use
this
command:
SBADMCL
‐
Command:CleanupMachineGroup
‐
Adminuser:Admin
‐
Adminpwd:mypassword
‐
Group:”
EndPoint
Encryption
Machines”
‐
Database:"Customer
database"