ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AD sync imports undesired objects and takes a long time to complete.

book

Article ID: 172050

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When synchronizing an OU structure from Activity Directory, there are unwanted user objects imported along with computer objects. With larger environments this can cause a significant delay in processing the sync results into the Symantec Endpoint Protection Manager (SEPM) database.

Cause

SEPM AD sync imports both computer and user objects. In very large environments there will be additional processing time required to sync all of the objects with the database.

Resolution

{FIXED_DOWNLOAD_LATEST.EN_US}

The latest versions of SEPM can be configured to import only computer objects. To do so, please use the following steps:

  1. Browse to <SEPM install folder>\tomcat\etc.
  2. Make a backup copy of conf.properties.
  3. Edit conf.properties in a text editor.
  4. Add the following line to the end of the file:
    scm.adsi.computer.filter.enabled=true
  5. Save the file.
  6. Restart SEPM services.

Upon the next AD sync, sync'd user objects will be removed from the database, and new user objects will be filtered out.