Regarding AD integration with SEPM:
An Organizational Unit is treated as a special type of group because the imported organizational unit and the accounts in that unit cannot be modified. However, the organizational unit along with its data can be deleted as a whole by the administrator. Groups cannot be created under the Organizational Unit. The parent of an Organizational Unit can be the Group or the Organizational Unit. The administrator can select accounts from an Organizational Unit and move them to a specified group, for example, the administrator can create a group for remote users, move all of the remote users from their current organizational unit to a newly created group and assign a group policy that is tailored for the remote users in that group.
http://www.symantec.com/business/support/index?page=content&id=TECH102546
https://www-secure.symantec.com/connect/forums/ad-integration-sep-groups-computers-moving-themselves-around