search cancel

AD sync imports undesired objects and takes a long time to complete.


Article ID: 172050


Updated On:


Endpoint Protection


When synchronizing an OU structure from Activity Directory, there are unwanted user objects imported along with computer objects. With larger environments this can cause a significant delay in processing the sync results into the Symantec Endpoint Protection Manager (SEPM) database.


SEPM AD sync imports both computer and user objects. In very large environments there will be additional processing time required to sync all of the objects with the database.



The latest versions of SEPM can be configured to import only computer objects. To do so, please use the following steps:

  1. Browse to <SEPM install folder>\tomcat\etc.
  2. Make a backup copy of
  3. Edit in a text editor.
  4. Add the following line to the end of the file:
  5. Save the file.
  6. Restart SEPM services.

Upon the next AD sync, sync'd user objects will be removed from the database, and new user objects will be filtered out.