This document describes how to use an Active Directory account and password to log in to the Symantec Endpoint Protection Manager (SEPM).
To set up a SEPM administrator account to use Active Directory authentication, Steps A and B are required. Step A configures the SEPM to communicate with the Active Directory server(s). Step B configures a SEPM administrator account to use directory authentication. Repeat Step B for every account that needs to use Active Directory authentication.
Step A - Add the Active Directory Server to the SEPM:
- Log in to the SEPM
- Click Admin > Servers
- Right-click your SEPM's machine name (top-left)
- Click Edit the server properties
- Click Directory Servers > Add
- Enter a name to identify your Active Directory server.
- Select Active Directory next to Server Type
- Enter the Active Directory server IP Address or Name.
- Enter a static Active Directory username and password (that will not change) so the SEPM can communicate with the Active Directory server.
- Uncheck Use Secure Connection. (Note: Presently, leaving this checked will not allow communication between SEPM and AD.)
- Click OK. The SEPM will test the Directory Server information which was entered to confirm it works properly.
Step B - Create a new SEPM Administrator account:
- Click Admin > Administrators > Add an administrator
- Under General, enter a User name for the new administrator account. This will be the user name used to log in to the SEPM.
- Enter a full name for the new administrator account. This is used for informational purposes only.
- Under Access Rights, select the appropriate rights for the administrator.
- Under Authentication, leave the Current admin password, New Password, and Confirm new password fields blank.
- Select Directory Authentication.
- In Directory Server, select the Active Directory server configured in Step A-6.
- In Account Name, enter the account name as it appears in Active Directory.
- Click Test Account. You should see "Directory account authenticated."
- Click OK
- Enter the password for the SEPM administrator account currently logged in to complete the creation of the Administrator account.
Testing the newly created account:
- Log off the SEPM if logged in.
- Use the User name entered in Step B-2. User names are case sensitive.
- Use the Active Directory password for the Active Directory account specified in Step B-8.
- Leave the Domain field blank. (This field expects a SEPM domain and not an Active Directory domain)
Do not use the built-in SEPM "admin" account when setting up Active Directory Authentication; doing so can prevent logon access to SEPM with an "Authentication Failure" error. Lockout issues can occur when changing the Active Directory account, upgrading Active Directory, changing Active Directory mode, and when removing SEPM(s) as a replication partner.
SEPM Active Directory Authentication is only supported for Admin accounts that have been created in SEPM by clicking "Add Administrator."
NOTE: The SEPM user name is taken from the SEPM database, while the password is taken from Active Directory for the account you specified in Account Name.
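
A pre-flight check for the two Active Directory accounts this procedure depends on: the static account entered in Step A and the account named in Step B's Account Name field. This is an added example, not Symantec code. The function name and the account names `svc-sepm-ldap` and `jdoe` are hypothetical, and treating "password never expires" as the test for a static password is an assumption.

```powershell
# Added example; Test-SepmDirectoryAccount, svc-sepm-ldap and jdoe are hypothetical names.
function Test-SepmDirectoryAccount {
    [CmdletBinding()]
    param(
        # Object shaped like Get-ADUser output (SamAccountName, Enabled,
        # LockedOut, PasswordNeverExpires).
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Bind  = the static account entered in Step A.
        # Admin = the account entered as Account Name in Step B.
        [Parameter(Mandatory)] [ValidateSet('Bind', 'Admin')] [string] $Role
    )
    process {
        $problems = @()
        if (-not $User.Enabled) { $problems += 'account is disabled' }
        if ($User.LockedOut)    { $problems += 'account is locked out' }
        # Assumption: a password that can expire will eventually be changed,
        # which is what Step A says the bind account must avoid.
        if ($Role -eq 'Bind' -and -not $User.PasswordNeverExpires) {
            $problems += 'password can expire, so it is not static'
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Role           = $Role
            Ok             = ($problems.Count -eq 0)
            Problems       = $problems -join '; '
        }
    }
}

# Constructed sample objects so the check runs without a domain controller.
$bind  = [pscustomobject]@{ SamAccountName = 'svc-sepm-ldap'; Enabled = $true
                            LockedOut = $false; PasswordNeverExpires = $false }
$admin = [pscustomobject]@{ SamAccountName = 'jdoe'; Enabled = $true
                            LockedOut = $true; PasswordNeverExpires = $false }

$bind  | Test-SepmDirectoryAccount -Role Bind    # flagged: password can expire
$admin | Test-SepmDirectoryAccount -Role Admin   # flagged: locked out

# Against a live directory (needs the ActiveDirectory module from RSAT):
# Get-ADUser -Identity 'svc-sepm-ldap' -Properties LockedOut, PasswordNeverExpires |
#     Test-SepmDirectoryAccount -Role Bind
```

Running the check before Step A, and again before changing either account, shows whether the directory side is in the state the SEPM expects.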