McAfee EPOLICY ORCHESTRATOR 4.5 Product Manual page 124

Organizing the System Tree
Creating and populating groups
3 Next to Synchronization type, select Active Directory. The Active Directory
synchronization options appear.
4 Select the type of Active Directory synchronization you want to occur between this group
and the desired Active Directory container (and its subcontainers):
• Systems and container structure — Select this option if you want this group to truly
reflect the Active Directory structure. When synchronized, the System Tree structure
under this group is modified to reflect that of the Active Directory container it's mapped
to. When containers are added or removed in Active Directory, they are added or
removed in the System Tree. When systems are added, moved, or removed from Active
Directory, they are added, moved, or removed from the System Tree.
• Systems only — Select this option if you only want the systems from the Active
Directory container (and non-excluded subcontainers) to populate this group, and this
group only. No subgroups are created when mirroring Active Directory.
5 Select whether a duplicate entry for the system will be created for a system that already
exists in another group of the System Tree.
TIP: McAfee does not recommend selecting this option, especially if you are only using the
Active Directory synchronization as a starting point for security management and use other
System Tree management functionality (for example, tag sorting) for further organizational
granularity below the mapping point.
6 In Active Directory domain you can:
• Type the fully-qualified domain name of your Active Directory domain.
• Select from a list of already registered LDAP servers.
7 Next to Container, click Browse and select a source container in the Select Active
Directory Container dialog box, then click OK.
8 To exclude specific subcontainers, click Add next to Exclusions and select a subcontainer
to exclude, then click OK.
9 Select whether to deploy agents automatically to new systems. If you do, be sure to
configure the deployment settings.
TIP: McAfee recommends that you do not deploy the agent during the initial import if the
container is large. Deploying the 3.62 MB agent package to many systems at once may
cause network traffic issues. Instead, import the container, then deploy the agent to groups
of systems at a time, rather than all at once. Consider revisiting this page and selecting
this option after the initial agent deployment, so that the agent is installed automatically
on new systems added to Active Directory.
10 Select whether to delete systems from the System Tree when they are deleted from the
Active Directory domain. Optionally choose whether to remove agents from the deleted
systems.
11 To synchronize the group with Active Directory immediately, click Synchronize Now.
Clicking Synchronize Now saves any changes to the synchronization settings before
synchronizing the group. If you have an Active Directory synchronization notification rule
enabled, an event is generated for each system added or removed (these events appear
in the Audit Log, and are queryable). If you deployed agents to added systems, the
deployment is initiated to each added system. When the synchronization completes, the
124 McAfee ePolicy Orchestrator 4.5 Product Guide