How to add a Directory server in the SEPM console for Active Directory (AD) synchronization.
- Log in to the SEPM console.
- Click Admin > Servers.
- Right-click on the server name and select Edit the server properties.
- Click Directory Servers tab.
- Click Add.
- The Add Directory Server window opens.
- In the General tab type the domain name.
- For Server Type select Active Directory.
- In Server IP Address or Name, enter the IP address or domain name. (For example, if the customer's email address is ABC@symantec.com, try symantec.com as the domain name.)
- Enter the domain administrator's username and password.
- Click OK. (If it is not successful, check Use Secure Connection, which uses LDAP port 636, then click OK.)
- In the Server Properties window, the directory server is listed after the credentials are successfully verified.
- Under Synchronized Directory Settings check Synchronize with Directory Servers.
- Select Schedule as per your convenience.
- Click OK.
- To import OUs select the Clients tab.
- Click on the My Company group.
- Under Tasks click Import Organizational Unit or Container.
- The Integrate with Organizational Unit Tree window opens.
- Select the domain from the drop-down list.
- Click OK.
- Select the appropriate OU to integrate with SEPM and click OK.
It will successfully synchronize AD and will integrate with the OU structure.
If there are issues with AD sync, check the log at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log (on a 64-bit machine the location is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log).
Search for "Error Code" and read the next few lines for the reason.
NOTE: You must enable Sylink debug logging or ADSITask-0.log will be empty. For clients running SEP 14.0 RU1 MP2 and earlier, refer to TECH104758. For clients running SEP 14.2, refer to TECH250061.
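The log check described above, as an added PowerShell example that is not part of the original article: it looks in both install locations, warns when the log is empty, and returns each "Error Code" line with the lines that follow it. The function name, its parameters and the five-line context are assumptions, and the demo lines are constructed, not real SEPM output.

```powershell
# Added example (not from the article). Names and defaults are assumptions.
function Get-AdSyncErrorContext {
    param(
        # Both install locations named in the article.
        [string[]]$LogPath = @(
            'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log',
            'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log'
        ),
        [int]$LinesAfter = 5   # "next few lines"; 5 is an assumed value
    )
    foreach ($path in $LogPath) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        # An empty log means debug logging was not enabled (see the NOTE).
        if ((Get-Item -LiteralPath $path).Length -eq 0) {
            Write-Warning "$path is empty; enable debug logging and rerun the sync."
            continue
        }

        # Literal, case-insensitive match; keep N lines after each hit.
        Select-String -LiteralPath $path -Pattern 'Error Code' -SimpleMatch -Context 0, $LinesAfter |
            ForEach-Object {
                [pscustomobject]@{
                    File       = $_.Path
                    LineNumber = $_.LineNumber
                    Line       = $_.Line.Trim()
                    Following  = @($_.Context.PostContext)
                }
            }
    }
}

# Demo on a constructed sample (made-up lines, not the real log format).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'ADSITask-sample.log'
@(
    'constructed line: sync task started'
    'constructed line: Error Code: <placeholder>'
    'constructed line: reason text would appear here'
    'constructed line: sync task finished'
) | Set-Content -LiteralPath $sample

Get-AdSyncErrorContext -LogPath $sample -LinesAfter 2 | Format-List
Remove-Item -LiteralPath $sample
```

Run without arguments on the SEPM server to check the two default paths.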
Product: 12.1 RU1
Operating system: Windows Server 2008 R2