When you import computer accounts or user accounts from an Active Directory or LDAP server, you import these accounts as organizational units. You can then apply a security policy to the organizational unit. You can also copy these accounts to an existing Symantec Endpoint Protection Manager group.
You can import the organizational unit as a subgroup of either the My Company group or a group you create, but not the Default Group. You cannot create groups as a subgroup of an organizational unit. You cannot place an organizational unit in more than one Symantec Endpoint Protection Manager group.
If you do not want to add all accounts within an organizational unit or container to Symantec Endpoint Protection Manager, then you must still import it. Once the import completes, you copy the accounts that you want to manage to existing client groups.
For Symantec Endpoint Protection 12.1.x, however, you can select and import specific accounts.
Before you import organizational units into Symantec Endpoint Protection Manager, you must convert some of the special characters that precede a computer name or user name. You perform this task in the directory server. If you do not convert special characters, the management server does not import these accounts.
You must convert the following special characters:
A space or a hash character (#) that occurs at the beginning of an entry.
A space character that occurs at the end of an entry.
A comma (,), plus sign (+), double quotation mark ("), less than or greater than symbols (< or >), equals sign (=), semi-colon (;), backslash (\).
To allow a name that includes these characters to be imported, you must precede each character with a backslash character (\).
To import organizational units from a directory server
Connect Symantec Endpoint Protection Manager to a directory server.