You can import group structures, or organizational units. To import the
organizational units, you use an LDAP directory server or an Active Directory
server. Symantec Endpoint Protection can then automatically synchronize the
groups on the Clients tab with those on the directory server.
You cannot use the Clients tab to manage these groups after you import them.
You cannot add, delete, or move groups within an imported organizational unit.
You can assign security policies to the imported organizational unit. You can also
copy users from an imported organizational unit to other groups that are listed
in the View Clients pane. The policy that was assigned to a group before the group
was imported has priority. A user account can exist in both the organizational
unit and in an outside group. The policy that was applied to the outside group has
priority
Reference Admin guide : pg no. 48
About importing an existing organizational structure