search cancel

Symantec Endpoint Protection Manager: Imported Active Directory OU or LDAP Container does not accurately list member computers


Article ID: 151575


Updated On:


Endpoint Protection


You have imported an AD OU (Active Directory Organizational Unit) or LDAP Container into your SEPM (Symantec Endpoint Protection Manager).

Member computers are not listed accurately in the SEPM AD OUs.

Removing, re-adding, or altering the AD server information in the SEPM server properties may cause symptoms. You may also be working on a SEPM that is part of a replication relationship and your SEPM users a different directory server address (or has no address) with which to synchronize AD OUs.
  • OU members appear in the SEPM Temporary group rather than the imported OU group.
  • OUs may display different contents across different SEPMs in a replication relationship.
  • SEP client status icons in the SEPM console may not accurately reflect the client's state.
  • "Sync Now" works on one SEPM in a replication relationship, but not on another.


Your SEPM may not have a directory server address with which to synchronize AD OUs. The imported OU may have not been synchronized yet with new AD (Active Directory) members, and/or replication has not yet occurred with other SEPMs. Other causes are addressed in Symantec Endpoint Protection 11.0 MR 4 (Maintenance Release 4) and newer.


Ensure you are using a SEPM that includes Active Directory or LDAP server addresses in its properties (SEPM console, Admin tab, Servers: select a server and edit properties).

Upgrade to Symantec Endpoint Protection 11.0 MR 4 (Maintenance Release 4) or newer.