You must first connect Symantec Endpoint Protection Manager to your company's directory server before you can import the organizational units that contain computer accounts or user accounts.
You cannot modify the accounts in organizational units in the management server, only in the directory server. However, you can synchronize the account data between an Active Directory server and the management server. Changes that you make in the Active Directory server are automatically updated in Symantec Endpoint Protection Manager, but they do not appear immediately in the organizational unit that was imported into the management server. The latency period depends on the synchronization frequency. You enable synchronization and set the synchronization frequency when you configure the connection.
If you delete a directory server connection from Symantec Endpoint Protection Manager, you must first delete any organizational units that you imported that are associated with that connection. Then you can synchronize data between the servers.
Synchronization is possible only with Active Directory servers. Symantec Endpoint Protection does not support synchronization with LDAP servers.
To connect Symantec Endpoint Protection Manager to a directory server:
1. In the console, click Admin > Servers.
2. Under Servers and Local Site, select the management server.
3. Under Tasks, click Edit the server properties.
4. In the Server Properties dialog box, on the Directory Servers tab, click Add.
5. In the Add Directory Server dialog box, type a name for the directory server.
6. Check Active Directory or LDAP and type the IP address, host name, or domain name.
7. If you add an LDAP server, change the port number of the LDAP server if it should be different than the default value.
8. If you want an encrypted connection, check Use Secure Connection.
9. On the Directory Servers tab, check Synchronize with Directory Servers and under Schedule, set up the synchronization schedule.
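Before checking Use Secure Connection, an administrator can confirm that the directory server's TLS endpoint presents a certificate that covers the exact IP address, host name, or domain name typed into the dialog box and that is not close to expiry. The Python code below is an added example, not Symantec code; it assumes LDAP over TLS on the standard port 636 (this page does not state the default port), and the function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

LDAPS_PORT = 636  # standard LDAP-over-TLS port (assumption: not stated on the page)
# Constructed sample in the format returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.ad.corp.example")),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}

def name_covered(cert, entered):
    """True if the name or IP typed into the dialog is in the cert's subjectAltName."""
    entered = entered.lower().rstrip(".")
    parent = entered.split(".", 1)[1] if "." in entered else None
    for kind, value in cert.get("subjectAltName", ()):
        value = value.lower()
        if kind == "IP Address" and value == entered:
            return True
        if kind == "DNS":
            # A wildcard entry covers exactly one left-most label.
            if value == entered or (value.startswith("*.") and parent == value[2:]):
                return True
    return False

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter (negative once expired)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def assess(cert, entered, now=None, warn_days=30):
    """Return a list of findings; an empty list means no problem was found."""
    findings = [] if name_covered(cert, entered) else ["name-mismatch"]
    left = days_left(cert, now)
    if left < 0:
        findings.append("expired")
    elif left < warn_days:
        findings.append("expires-soon")
    return findings

def fetch_cert(host, port=LDAPS_PORT, cafile=None, timeout=5):
    """Live probe: TLS handshake with chain validation; returns the parsed certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is checked in assess() so a mismatch is reported
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```

Run assess(fetch_cert(name), name) with the same value you intend to type in the dialog box; pass cafile when the directory server's certificate is issued by an internal CA.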