
Adding Active Directory Group to SEPM 11.x

Created: 23 Jul 2012 | 5 comments
strach

Hi all, I have two doubts with SEPM and AD integration.

The first one is whether it's possible to add an AD group to SEPM. What I'm looking for is the implementation of policies in the AD group, so that when I add a user to certain groups, the custom policy is applied automatically. I know that I can add and synchronize an OU, but I need to synchronize a group and its members.

The second question is the next one. I have a group in my SEPM with a custom policy, and the group contains some machines (in computer mode). Then I create a group with default policies and add an OU that contains those machines. What happens with those machines? Are they duplicated in the two groups? Are they removed from the initial group to be in the OU group? If this second case happens, if I remove the OU, are the machines moved back to the initial group?

Your help will be appreciated.
 

5 Comments

pete_4u2002

The policies will be SEPM; it will not be AD policy. However, the clients will have AD policy as they are taken by the client.

You can import the OU; check these links:

http://www.symantec.com/business/support/index?page=content&id=TECH102546

https://www-secure.symantec.com/connect/videos/importing-active-directory-sepm

strach

I understand that I can add an OU, but what I need is to add an AD group (which contains users from different OUs) and apply SEP policies to the members of the group. So when I add a new member to that AD group, the user will have the custom SEP policies applied to the group.

SMLatCST

Using an AD integrated groups structure only allows for assignment of policies by OU.  You cannot use AD groups.

Regarding your second question about what happens if you delete an AD integrated group from the SEPM:

The SEP Clients formerly in the AD integrated group should drop into the "Preferred Group" defined in the original installation package deployed to those machines.  If no preferred group was assigned, they should just drop into the "Default Group".  More info on the "Preferred Group" below.

http://www.symantec.com/docs/HOWTO27006

Also worth noting is that the Reconnection Preferences for clients may affect this behaviour:

http://www.symantec.com/docs/TECH92236

SameerU

Yes, you can integrate with AD.

Regards

 

Sean_Moore

It can be done, as I have implemented this solution for device management. You just add the user to an AD security group and the end user will receive a new policy set at next login. Watch this space as I'm going to post an article on how to achieve this with both SEP 11 and 12.

MCTS,MCSA,ACSA,SCS,STS
SME - SEP/SCSP/MS-BITLOCKER