You only need PGP Desktop if you require End-to-End encryption. That means that emails in the mailstore (presumably Exchange) will be encrypted. If that isn't a requirement, you do not need PGP Desktop installed.
You use Directory Synchronisation via LDAP or LDAPS to sync with an Active Directory or other LDAP directory to populate the Universal Server.
You can use DLP to automate the encryption process, but UN itself has a lot of policy options to automate the encryption process too; you should definitely look at the policy chains.
Edit:
You also want to have SKM (Server Key Mode) enabled, as that means that keys will be generated and managed by the UN only and are only provided to authenticated users (via directory sync). The only downside to this is that smart cards don't work in this mode, but that doesn't sound like a requirement for you.
Good luck!
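As an added illustration that is not part of the answer above and not the product's own configuration or API: a small Python model of a first-match mail-policy chain, of the kind the answer recommends looking at, showing how server-side rules decide per message whether to pass, sign, encrypt or bounce, and why rule order matters. The rule names, the `X-Sensitivity` header, the `example.com` internal domain, the `KeyDirectory` stand-in for keys populated by directory sync and the `BOUNCE` action are all assumptions made for this example.

```python
"""Constructed model of an ordered mail-policy chain.

Illustrative code written for this page. It is NOT PGP Universal Server's
own policy language or API; every rule, header name, domain and action
below is an assumption chosen to show first-match evaluation.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Message:
    sender: str
    recipient: str
    headers: Dict[str, str] = field(default_factory=dict)


class KeyDirectory:
    """Stand-in for the server's key store (assumed to be filled by
    directory sync). Only knows which recipients have a usable key."""

    def __init__(self, addresses_with_keys: List[str]) -> None:
        self._keys = {a.lower() for a in addresses_with_keys}

    def has_key(self, address: str) -> bool:
        return address.lower() in self._keys


@dataclass
class Rule:
    name: str
    condition: Callable[[Message, KeyDirectory], bool]
    action: str  # one of PASS, SIGN, ENCRYPT, BOUNCE (assumed action set)


# Assumed internal domain: mail that stays inside is left in the clear,
# which is exactly the case the answer says needs PGP Desktop if the
# mailstore itself must be encrypted.
INTERNAL_DOMAINS = {"example.com"}


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def is_internal(msg: Message, _keys: KeyDirectory) -> bool:
    return domain_of(msg.recipient) in INTERNAL_DOMAINS


def is_sensitive(msg: Message, _keys: KeyDirectory) -> bool:
    # Assumed header a DLP step or the sending client might set.
    return msg.headers.get("X-Sensitivity", "").lower() in {"confidential", "restricted"}


def recipient_has_key(msg: Message, keys: KeyDirectory) -> bool:
    return keys.has_key(msg.recipient)


# Rules are walked top to bottom; the first whose condition holds wins.
# Moving "internal mail stays clear" below the sensitive rules would make
# confidential internal mail get encrypted (or bounced) instead.
POLICY_CHAIN: List[Rule] = [
    Rule("internal mail stays clear", is_internal, "PASS"),
    Rule("sensitive to key holder",
         lambda m, k: is_sensitive(m, k) and recipient_has_key(m, k), "ENCRYPT"),
    Rule("sensitive, no key available", is_sensitive, "BOUNCE"),
    Rule("external recipient with key", recipient_has_key, "ENCRYPT"),
    Rule("default: sign only", lambda m, k: True, "SIGN"),
]


def evaluate(msg: Message, keys: KeyDirectory,
             chain: List[Rule] = POLICY_CHAIN) -> Tuple[str, str]:
    """First-match evaluation. Returns (matching rule name, action).

    Raises if no rule matched, which means the chain lacks a catch-all;
    a chain that silently passes unmatched mail is a common misconfiguration.
    """
    for rule in chain:
        if rule.condition(msg, keys):
            return rule.name, rule.action
    raise RuntimeError("policy chain has no catch-all rule")


if __name__ == "__main__":
    # Constructed sample data: only bob has a key in the directory.
    keys = KeyDirectory(["bob@partner.example"])
    samples = [
        Message("alice@example.com", "carol@example.com", {"X-Sensitivity": "confidential"}),
        Message("alice@example.com", "bob@partner.example", {"X-Sensitivity": "confidential"}),
        Message("alice@example.com", "dave@partner.example", {"X-Sensitivity": "confidential"}),
        Message("alice@example.com", "bob@partner.example"),
        Message("alice@example.com", "dave@partner.example"),
    ]
    for m in samples:
        rule, action = evaluate(m, keys)
        print(f"{m.recipient:25} -> {action:8} ({rule})")
```

Note that the third sample, confidential mail to an external recipient with no key, is bounced rather than sent in the clear: the chain makes the "no key" case an explicit decision instead of falling through to the default.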