When running an Active Directory Import task in ITMS, the process identifies and imports phantom or bogus resources that do not represent actual hardware in the environment. These resources appear as valid computer accounts in the Symantec Management Platform (SMP) console but cannot be managed or reached.

ITMS 8.x

This behavior is caused by the Symantec Threat Defense for Active Directory (TDAD) component. TDAD is designed to protect Active Directory by contaminating LDAP query outputs with phantom resources (deception objects) .

Because the ITMS AD Import task uses standard LDAP queries to discover objects, it inadvertently pulls in these intentional deceptions created by the TDAD agent or gateway.

To resolve the issue and ensure only valid resources are imported, the TDAD component must be removed or disabled on the systems acting as collectors/gateways for the AD environment. Once TDAD is removed, the LDAP query output returns to its legitimate state, and the ITMS import task no longer brings in phantom resources.