You install Symantec Endpoint Protection (SEP) with the Symantec Endpoint Threat Defense for Active Directory (TDAD) integration feature and need to know when alarms are forwarded to the Symantec Endpoint Protection Manager (SEPM)

Alarms from the TDAD Core server are forwarded to the SEPM when the SEPM status is operational. If the SEPM status is down, TDAD Core will check if any partner site is registered and if yes, TDAD Core will forward the alarm to the partner site.  If there is not a partner site registered, TDAD Core will wait for the SEPM status to become operational and will then send the alarm.