Adding Active Directory Group to SEPM 11.x
Hi all, i have two doubts with SEPM and AD integration.
The first one is whether it's possible to add an AD group to SEPM?. What I'm looking for is the implementation of policies in the AD group so when i add a user to certain groups, automatically apply the custom policy. I know that i can add and synchronize a OU, but i need to synchronize a group and their members.
The second question is the next one. I have a group in my SEPM, with a custom policy and the group contains some machines (with computer mode). Then i create a group with default policies and add an OU who contains those machines, what happen with those machines? Are duplicated in the two groups? Are removed from the initial group to be in the OU group? If this second case happen, if i removed the OU the machines are moved back to the initial group?
Your help will be appreciated
Comments 5 Comments • Jump to latest comment
the policies will be SEPM , it will not be AD policy.However the clients will have AD policy as they are taken by the client.
You can import the OU , check these links
http://www.symantec.com/business/support/index?page=content&id=TECH102546
https://www-secure.symantec.com/connect/videos/importing-active-directory-sepm
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
i understand that i can add a OU. but what i need is to add a AD group (who contains users from differents OU's) and apply SEP policies to the members of the group. So when i add a new member to that AD group, the user will have the custom SEP policies applies to the group.
Using an AD integrated groups structure only allows for assignment of policies by OU. You cannot use AD groups.
Regarding you secons question about what happens if you delete an AD integrated group from the SEPM:
The SEP Clients formerly in the AD integrated group should drop into the "Preferred Group" defined in the original installation package deployed to those machines. If no preferred group was assigned, they should just drop into the "Default Group". More info on the "Preferred Group" below.
http://www.symantec.com/docs/HOWTO27006
Also worth noting is that the Reconnection Preferences for clients may affect this behaviour:
http://www.symantec.com/docs/TECH92236
http://www.cstl.com/
Yes you can integrade with AD
Regards
it can be done as I have implemented this solution for device management. You just add the user to an AD security group and the end user will receive a new policy set at next login. Watch this space as I'm going to post an article on how to achieve this with both SEP 11 and 12.
Would you like to reply?
Login or Register to post your comment.