I've tried contacting support on this, but I haven't gotten an answer. In response to my domain-joined Macs generating constant LDAP traffic, I've moved them to special groups to convert them from PULL to PUSH communications. This was about 300 machines. For various reasons, I'd like to keep them with their PC counterparts in my SEPM tree.
I wondered if anyone has any insight on what kind of performance penalty I should expect if I were to convert all my clients (about 4000) to PUSH communication. I'm worried that it will bring down my server if I do; if I don't, some renegade Macs may bring down my domain controller(s).
I have the SEPM running in a VM, and an SQL DB running on a separate VM.
An article describing the Mac/LDAP issue: http://www.symantec.com/docs/TECH188297