How to synchronize/integrate Active Directory with the Symantec Endpoint Protection Manager (SEPM)

Article ID: 155924

Products

Endpoint Protection

Issue/Introduction

How to add a Directory server in the SEPM console for Active Directory (AD) synchronization.

Resolution

Note: Do not synchronize the Active Directory (AD) groups with more than one Symantec Endpoint Protection Manager. 

  • Log in to the SEPM console.
  • Click Admin > Servers.
  • Right-click on the server name and select Edit the server properties.
  • Click the Directory Servers tab.
  • Click Add.

  • The Add Directory Server window opens.
  • In the General tab, type the domain name.
  • For Server Type, select Active Directory.
  • In Server IP Address or Name, enter the IP address or domain name (for example, if the email address is <Username>@<Company_Name>.com, try Company_Name.com as the domain name).
  • Enter the username and password for a domain user or dedicated service account.
  • Click OK. (If verification is not successful, check Use Secure Connection, which uses LDAP port 636, and click OK.)

  • In the Server Properties window, the directory server is listed after the credentials are successfully verified.
  • Under Synchronized Directory Settings, check Synchronize with Directory Servers.
  • Select a Schedule as per your convenience.
  • Click OK.

  • To import OUs, select the Clients tab.
  • Click the My Company group.
  • Under Tasks, click Import Organizational Unit or Container.
  • The Integrate with Organizational Unit Tree window opens.
  • Select the domain from the drop-down list.
  • Click OK.

Select the appropriate OU as desired to integrate with SEPM and click OK.

SEPM then synchronizes with AD and integrates the OU structure.

If AD synchronization fails, check the log at C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log (on a 64-bit machine the location is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log).

Search for "Error Code" and read the next few lines for the reason.
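
The log check above can be scripted on the SEPM server. This PowerShell snippet is an added example, not vendor-supplied code; it assumes the default install paths named in this article and treats "next few lines" as five lines.

```powershell
# Added example (not vendor code). Assumes the default SEPM install locations
# given in the article; adjust $relative if SEPM is installed elsewhere.
$relative = 'Symantec\Symantec Endpoint Protection Manager\Tomcat\logs\ADSITask-0.log'

# Build both candidate paths: Program Files and Program Files (x86).
# The (x86) variable is empty on 32-bit Windows, so empty roots are dropped.
$roots      = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$candidates = $roots | ForEach-Object { Join-Path $_ $relative }

# Use the first candidate that actually exists.
$log = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1

$after = 5   # assumption: number of lines to show after each "Error Code" match

if (-not $log) {
    Write-Warning "ADSITask-0.log not found. Checked: $($candidates -join '; ')"
}
else {
    # -SimpleMatch treats the pattern as a literal string, not a regex.
    $hits = Select-String -LiteralPath $log -Pattern 'Error Code' -SimpleMatch -Context 0, $after

    if (-not $hits) {
        Write-Output "No 'Error Code' entries found in $log"
    }
    else {
        foreach ($hit in $hits) {
            # Print the matching line with its line number, then the lines that follow it.
            Write-Output ("--- {0} (line {1})" -f $log, $hit.LineNumber)
            Write-Output $hit.Line
            $hit.Context.PostContext | ForEach-Object { Write-Output "    $_" }
        }
    }
}
```

Run it in a PowerShell session with read access to the SEPM installation directory.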