How to synchronize/integrate Active Directory with the Symantec Endpoint Protection Manager (SEPM)


Article ID: 155924



Endpoint Protection


How to add a Directory server in the SEPM console for Active Directory (AD) synchronization.


  • Log in to the SEPM console.
  • Click Admin > Servers.
  • Right-click the server name and select Edit the server properties.
  • Click the Directory Servers tab.
  • Click Add.


  • The Add Directory Server window appears.
  • In the General tab, type the domain name.
  • For Server Type, select Active Directory.
  • In Server IP Address or Name, enter the IP address or domain name. (For example, if the customer's email address is [email protected], try entering the domain name.)
  • Enter the username and password for a domain user or dedicated service account.
  • Click OK. (If verification is not successful, check Use Secure Connection, which uses LDAP port 636, and click OK again.)

  • In the Server Properties window, the Directory Server is listed once the credentials have been verified successfully.
  • Under Synchronized Directory Settings, check Synchronize with Directory Servers.
  • Select a Schedule that suits your environment.
  • Click OK.

  • To import OUs, select the Clients tab.
  • Click the My Company group.
  • Under Tasks, click Import Organizational Unit or Container.
  • The Integrate with Organizational Unit Tree window appears.
  • Select the domain from the drop-down list.
  • Click OK.

Select the OU that you want to integrate with SEPM and click OK.

SEPM then synchronizes with AD and integrates the OU structure.

If AD synchronization fails, check the log at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log (on a 64-bit machine the location is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log).

Search for "Error Code" and read the next few lines for the reason.
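The log check described above, written as a PowerShell function to run on the SEPM server. This is an added example, not part of the original article or of Symantec's tooling; the function name Get-SepmAdSyncError and its -ContextLines parameter are hypothetical, and the two install roots are the default locations named above.

```powershell
# Added example: find the AD sync log and show each "Error Code" hit with the lines after it.
# Get-SepmAdSyncError and -ContextLines are hypothetical names chosen for this example.
function Get-SepmAdSyncError {
    [CmdletBinding()]
    param(
        # Default install roots taken from the article (32-bit and 64-bit locations).
        [string[]]$InstallRoot = @(
            'C:\Program Files\Symantec\Symantec Endpoint Protection Manager',
            'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager'
        ),
        # How many following lines to treat as "the next few lines".
        [int]$ContextLines = 5
    )

    $found = $false
    foreach ($root in $InstallRoot) {
        $log = Join-Path $root 'Tomcat\logs\ADSITask-0.log'
        if (-not (Test-Path -LiteralPath $log)) { continue }
        $found = $true

        # -SimpleMatch treats "Error Code" as a literal string rather than a regex.
        Select-String -LiteralPath $log -Pattern 'Error Code' -SimpleMatch -Context 0, $ContextLines |
            ForEach-Object {
                [pscustomobject]@{
                    Log       = $log
                    LineNo    = $_.LineNumber
                    ErrorLine = $_.Line.Trim()
                    Following = $_.Context.PostContext -join [Environment]::NewLine
                }
            }
    }

    if (-not $found) {
        Write-Warning 'ADSITask-0.log not found under either install root; pass -InstallRoot for a custom install path.'
    }
}

# Matches are listed in log order, so the most recent failure is at the bottom.
Get-SepmAdSyncError | Format-List
```

If the function returns nothing and prints no warning, the log exists but contains no "Error Code" entries.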