Create email distribution lists (DLs) for email notifications
Create a DL for each group of users that you want ATP to send an email notification to when an incident occurs. This notification includes information about the incident, and may be helpful for incident responders who need to react to potential threats.
You can specify this DL when you add an AD group in ATP Manager.
Create an ATP user on your AD server that has the Read all user information common task assigned to it. This task allows ATP to query your AD server for user and group information.
You specify the credentials for this user when you configure your AD domain in ATP Manager.
You only need to create this account if you configured your AD server to prevent anonymous queries. Symantec recommends that you create this user, as allowing anonymous access to your AD server may be a security risk.
Provide ATP access to your AD server over port 636.
Prepare your AD server
Ensure that your AD server is using Windows Server 2012 R2 (or later).
Issue a certificate
Issue a certificate to your primary and backup AD servers.
You provide this certificate to ATP later to enable secure communications. While this step is optional, Symantec recommends that you secure your environment.
The certificate for the AD server should be regenerated using public DNS name or IP address. The DNS name or IP address should be reachable from outside of the company network. Alternatively, add an inclusion in the company firewall so ATP can access the AD server.