Endpoint Protection

Hi,

Is there any restrictions to import Global Security Groups from AD to SEPM?

It seems that there are few GSG that i cannot import because importing function cannot see them. Any idea what the problem could be. We have tested that account we are using for AD sync is working and has all the permissions to see the group.

All the basic groups can be imported without any problems.

AD Groups cannot be imported or used within the SEPM console.  The AD links only allow sync'ing of computer/user accounts from OUs into the group structure, or for logging into the console using AD creds (on a one user per account basis, again no groups).

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

Only the Organizational Unit's data is synchronized with Active Directory

The admin can select one or more users and/or computers from a group and move those selected users and computers to another group.
If the selected user or computer is in an Organizational Unit, the move means Copy. The selected user/computer will be moved to the destination group, and that user/computer criteria will be kept in the Organizational Unit.

Note: If the client is in Computer-based mode, moving the computer name of the client to another group will force the client to switch to the new group and get the new profile of that group.
If the agent is in User-based mode, moving the login user name of the client to another group will cause the client to switch to the new group and get the new profile.

Refer the following articles:

Organizational Units from Active Directory in Symantec Endpoint Protection 11.0

http://www.symantec.com/docs/TECH102546

How to configure Symantec Endpoint Protection Manager to synchronize user data with a directory server

http://www.symantec.com/docs/TECH96201