Endpoint Protection

Hello,

If we sync SEPM with AD and import OU, this will affect the current policies and groups in SEPM that are created, is that right? We have been using the current setup in SEPM for a long time, with different groups, policies etc. And now the customer asked, if we sync with AD, will this affect the currrent setup? Will the machines currently located in Servers group, Workstations group in SEPM disappear after we sync with AD and go to their OUs?

Regards

Hi S_K,

I recommend you review the following document.

http://www.symantec.com/business/support/index?page=content&id=TECH102546&actp=search&viewlocale=en_US&searchid=1317886152726

You select the group and then will import the OU from the AD, once the OU are imported into SEPM the policy can be applied, by default the policy will be the one that is applied to the group from OU's are imported. 

Hi hidayetaltun,

Thanks for this article but I already read it :). If we setup new environment and import OUs it's fine. But if everything was already setup and worked for a long time, my question was will we mess anything if sync now SEPM with AD and import OU?

Check the links

http://www.symantec.com/business/support/index?page=content&id=HOWTO27457

https://www-secure.symantec.com/connect/videos/importing-active-directory-sepm

Very useful links hidayetaltun, thanks for that. So what I read there is:

" The policy that was assigned to a group before the group was imported has priority"

Does it mean that after sync with AD, the machines that were already placed in groups created in SEPM, will still stay in these groups or they will move to their AD OUs and will disapear from the SEPM groups created before?

No,

Will not be lost except by deleting

Clients will be part of the OU , its the replica of the OU. In case if the client is present in the group the client will be seen in the group as per my understanding.

One more thing, if I want to keep the current group structure after SEPM is synced with AD, can I for example import OU for US workstations in My Company\Workstations\US where the previously placed machines are, also import OU for Europe workstations in My Company\Workstations\Europe or it's better that the whole AD tree is imported? 

you can select the limited OU's, better to import the OU's which you want to manage

thanks to all for the advices, I think now all is clear  :)

just to ask another thing, if I have 1 SEPM servers synced with AD and want to install 2nd for failover (both using the same SQL database), do I need to add into the 2nd one Directory server or there is no need? When I login to the second SEPM, will I see the imported OUs there? 

yes, you can see the imported OU's on the other SEPM as groups always replicate.

thanks for the reply pete