I have created a lab of three servers.
1. Server configured with Active Directory
2. SEP Server
3. Normal Server -Only SEP is installed on it. No AD configured till now
I performed the following test in the labs
1) I deployed the SEP on the first server that has AD configured on it and found SEP client has automatically added the exclusion for AD's. I was able to see the exclusion in the registry
2) I depoyed the SEP on the third server and found SEP client has installed and added on exclusion.
3) I promote the third server as a DC and results are very strange. Exclusions are added automatically by SEP client in the registy.
4) I created a new group in the SEPM for DC's and create all Mandatory exclusion required for them. then move the first DC's into that group. Result was same, There was no change in the exclusion list.
Now, My question remains the same, what is promotion of DC in symantec Case.