Active Directory And Nt Domain Synchronization; Active Directory Synchronization - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Organizing Systems for Management

Active Directory and NT domain synchronization

• Apply and remove existing tags to systems in the groups to which they have access.
• Exclude systems from receiving specific tags.
• Use queries to view and take actions on systems with certain tags.
• Use scheduled queries with chained tag actions to maintain tags on specific systems within
the parts of the System Tree they have access.
• Configure sorting criteria based on tags to ensure systems stay in the appropriate groups
of the System Tree.
Types of tags
There are two types of tags:
• Tags without criteria. These tags can be applied only to selected systems in the System Tree
(manually) and systems listed in the results of a query.
• Criteria-based tags. These tags are applied to all non-excluded systems at each agent-server
communication. Such tags use criteria based on any properties sent by agent. They can also
be applied to non-excluded systems on demand.
Active Directory and NT domain synchronization
ePolicy Orchestrator 4.0.2 offers improved integration with both Active Directory and NT domains
as a source for systems, and even (in the case of Active Directory) as a source for the structure
of the System Tree.

Active Directory synchronization

If your network runs Active Directory, you can use Active Directory synchronization to create,
populate, and maintain part or all of the System Tree with Active Directory synchronization
settings. Once defined, the System Tree is updated with any new systems (and subcontainers)
in your Active Directory.
Active Directory integration is enhanced with the release of ePolicy Orchestrator 4.0.2. In
addition to previous functionality, you can now:
• Synchronize with your Active Directory structure, by importing systems and the Active
Directory subcontainers (as System Tree groups) and keeping them up-to-date with Active
Directory. At each synchronization, both systems and the structure are updated in the System
Tree to reflect the systems and structure of Active Directory.
• Import systems as a flat list from the Active Directory container (and its subcontainers) into
the synchronized group.
• Control what to do with potential duplicate systems.
• Use the system description, which is imported from Active Directory with the systems.
In previous versions of ePolicy Orchestrator, there were the two tasks: Active Directory Import
and Active Directory Discovery. Now, use this process to integrate the System Tree with your
Active Directory systems structure:
1 Configure the synchronization settings on each group that is a mapping point in the System
Tree. At the same location, you can configure whether to:
2 • Deploy agents to discovered systems.
McAfee ePolicy Orchestrator 4.0.2 Product Guide 43