You want to import DLP Users from Active Directory into User Groups and associate them with DLP Roles.

The following is a very basic, contrived example which assumes the following

1. That you have already enabled Active Directory authentication ( see KB https://knowledge.broadcom.com/external/article?articleId=171932 )
2. A domain with the following configuration:

• • Domain Name: example.com
  • Users physically reside within a Container object at:
    • CN=Users,DC=example,DC=com
  • Security Group "DLP Admins" created in AD at the following path:
    • CN=DLP Admins,OU=DLP Groups,OU=User Groups,DC=example,DC=com

1. Add a Directory Connection under System -> Settings -> Directory Connections and click Test Connection, as shown below (be sure to use the correct port for your AD):
2. Navigate to System -> Users ->  Data Sources
3. Click Add -> AD Logins Source, named "AD User Logins" as shown below and click Submit
   
4. Navigate to System -> Users -> User Groups
5. Click Create New Group, name it "DLP Admins", and configure the highlighted fields as shown below and click Save
   
   
6. Navigate to System -> Login Management -> Roles
7. Click Add Role, name it DLP Admins and select Server Administration under the User Privileges section
8. Move to the Users & Groups tab and select User Groups -> DLP Admins and click Save
9. Navigate to System -> Users -> Data Sources
10. Select the checkbox next to the AD User Logins data source and click the Import button in the toolbar

The imported users will now be added to the DLP Users (in the ProtectUser table in the database). You can view them from the console at System -> Login Management -> DLP Users. At this point you can log into the console as either of these users, with Server Management privileges.

The selected object in the User Group configuration needs to be a Security Group object in AD. The AD Logins sync and automatic role assignments will not work with Organizational Units (OUs), or specific users.