How to configure Symantec Endpoint Protection Manager to synchronize user data with a directory server

Article ID: 177922

Products

Endpoint Protection

Issue/Introduction

How do I set up Symantec Endpoint Protection Manager (SEPM) to import our users from an Active Directory or LDAP server?
 

Resolution

If you plan to import information about users and accounts, you must first establish a connection between the SEPM and a directory server.
To add directory servers

  1. In the console, click Admin, and then click Servers.
  2. Under View Servers, select the management server to which you want to add a directory server.
  3. Under Tasks, click Edit Server Properties.
  4. In the Server Properties for name of site dialog box, click the Directory Servers tab.
  5. In the Directory Servers section, click Add.
  6. In the dialog box, type the name for the directory server you want to add in the Name field.
  7. Select Active Directory or LDAP as the Server Type.
  8. Type the IP address, host name, or domain name in the Server IP address or name field.
  9. If you add an LDAP server, type the port number of the LDAP server in the LDAP Port box.
    • You cannot change the values if you add an Active Directory server.
    • The default port setting is 389.
  10. If you add an LDAP server, type the LDAP BaseDN in the LDAP BaseDN box.
  11. Type the user name of the authorized directory server account in the User Name field.
  12. Type the password for the directory server account in the Password field.
  13. Check Use Secure Connection to connect with the directory server using Secure Sockets Layer (SSL).
    • If you do not check this option, a normal unencrypted connection is used.
  14. Click OK.
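
Before entering the values from steps 8 through 13, you can confirm from the SEPM host that the directory server accepts an encrypted bind with the chosen account and that the account can read the BaseDN. The script below is an added example, not code from Symantec or the administration guide. The host name, the BaseDN, port 636 (the conventional LDAPS port, which the article does not mention) and the function name `Test-SecureDirectoryBind` are assumptions to replace with your own values.

```powershell
# Added example, not Symantec/Broadcom code. Run on the SEPM host to pre-check the
# values you will enter in steps 8-13. All defaults are placeholders (assumptions).
param(
    [string]$Server = 'ldap.example.test',   # step 8: placeholder host name
    [int]$Port      = 636,                   # assumption: conventional LDAPS port
    [string]$BaseDN = 'DC=example,DC=test'   # step 10: placeholder BaseDN
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-SecureDirectoryBind {
    param([string]$Server, [int]$Port, [string]$BaseDN, [pscredential]$Credential)

    $result = [ordered]@{ Server = $Server; Port = $Port; TlsBind = $false
                          BaseDNReadable = $false; Error = $null }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true   # never send the password unencrypted
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.Timeout  = [TimeSpan]::FromSeconds(10)

        # Bind fails here if the port is closed, the server certificate is not
        # trusted by this machine, or the account from steps 11-12 is rejected.
        $conn.Bind($Credential.GetNetworkCredential())
        $result.TlsBind = $true

        # Base-scope search: confirms the account can read the BaseDN entry itself.
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest
        $req.DistinguishedName = $BaseDN
        $req.Filter = '(objectClass=*)'
        $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Base
        $resp = $conn.SendRequest($req)
        $result.BaseDNReadable = ($resp.Entries.Count -eq 1)
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

Test-SecureDirectoryBind -Server $Server -Port $Port -BaseDN $BaseDN `
    -Credential (Get-Credential -Message 'Directory server account (steps 11-12)')
```

If `TlsBind` is false, resolve the reported error (reachability, certificate trust or credentials) before relying on Use Secure Connection in the SEPM dialog.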


You can configure directory servers to import and synchronize users with the SEPM. You must have already added the directory servers before you can synchronize the information about users.

To synchronize user accounts between directory servers and a SEPM

  1. In the console, click Admin, and then click Servers.
  2. Under View Servers, select the management server to which you want to add a directory server.
  3. Under Tasks, click Edit Server Properties.
  4. In the Server Properties dialog box, click the Directory Servers tab.
  5. Check Synchronize with Directory Servers if not already checked.
    • This option is the default setting.
  6. To schedule how often you want to synchronize the management server with the directory server, do one of the following actions:
    • To synchronize automatically every 24 hours, click Auto-schedule. The default setting is scheduled to synchronize every 86400 seconds. You can also customize the interval by editing the tomcat\etc\conf.properties file.
    • To specify how often you want to synchronize, click Synchronize every and specify the number of hours.
  7. Click OK.

 

 


References
Steps adapted from administration_guide.pdf (pp. 252-253).

 

 

Administration_guide.pdf is found at the following locations: