Hi,
Thank you for posting in the Symantec community.
I would be glad to answer your query.
You can import and synchronize information about user accounts and computer accounts from an Active Directory server or an LDAP directory server. You can import group structures, or Organizational Units (OUs). Symantec Endpoint Protection can then automatically synchronize the groups on the Clients tab with those on the directory server.
You cannot use the Clients tab to manage these groups after you import them. You cannot add, delete, or move groups within an imported OU.
You can assign security policies to the imported OU. You can also copy users from an imported organizational unit to other groups that are listed in the View Clients pane. The policy that was assigned to a group before the group was imported has priority. A user account can exist in both the OU and in an outside group. The policy that was applied to the outside group has priority.
WARNING:
Do not use the built-in SEPM "admin" account when setting up Active Directory Authentication; doing so can prevent logon access to SEPM with an "Authentication Failure" error. Lockout issues can occur when changing the Active Directory account, upgrading Active Directory, changing Active Directory mode, and when removing SEPM(s) as a replication partner.
SEPM Active Directory Authentication is only supported for Admin accounts that have been created in SEPM by clicking "Add Administrator."
NOTE: The SEPM user name is taken from the SEPM database, while the password is taken from Active Directory for the account you specified in Account Name.
Refer to the following links:
How to setup a SEPM administrator account to use your Active Directory authentication
http://www.symantec.com/business/support/index?page=content&id=TECH104726
How to configure Symantec Endpoint Protection Manager to synchronize user data with a directory server
http://www.symantec.com/docs/TECH96201