Step 1

Connect Symantec Endpoint Protection Manager to your company's directory server

You can connect Symantec Endpoint Protection Manager to either Active Directory or an LDAP-compatible server. When you add the server, you should enable synchronization.

See About importing organizational units from the directory server.

See Connecting Symantec Endpoint Protection Manager to a directory server.

See Connecting to a directory server on a replicated site.

Step 2

Import either entire organizational units or specific computer accounts or user accounts

You can either import the existing group structure, or import individual computer accounts or user accounts into the Symantec Endpoint Protection Manager groups that you create.

See Importing organizational units from a directory server.

If you want to use the group structure of Symantec Endpoint Protection Manager and not the directory server, import individual accounts.

See Searching for and importing specific accounts from a directory server.

Step 3

Either keep imported computer or user accounts in their own group or copy imported accounts to existing groups

After you import organizational units, you can do either of the following actions:

See Assigning a policy to a group.

See The types of security policies.

Step 4

Change the authentication method for administrator accounts (optional)

For the administrator accounts that you added in Symantec Endpoint Protection Manager, change the authentication method to use directory server authentication instead of the default Symantec Endpoint Protection Manager authentication. You can use the administrator accounts to authenticate the accounts that you imported. When an administrator logs on to Symantec Endpoint Protection Manager, the management server retrieves the user name from the database and the password from the directory server.

See Changing the authentication method for administrator accounts.

See Best practices for testing whether a directory server authenticates an administrator account.