Importing Nt Domains To An Existing Group - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Organizing Systems for Management
Creating and populating groups
10 Select whether to deploy agents automatically to new systems. If you do, be sure to
configure the deployment settings.
TIP: McAfee recommends that you do not deploy the agent during the initial import if the
container is large. Deploying the 3.62 MB agent package to many systems at once may
cause network traffic issues. Instead, import the container, then deploy the agent to groups
of systems at a time, rather than all at once. Consider revisiting this page and selecting
this option after the initial agent deployment, so that the agent is installed automatically
on new systems added to Active Directory.
11 Select whether to delete systems from the System Tree when they are deleted from the
Active Directory domain.
12 To synchronize the group with Active Directory immediately, click Synchronize Now.
Clicking Synchronize Now saves any changes to the synchronization settings before
synchronizing the group. If you have an Active Directory synchronization notification rule
enabled, an event is generated for each system added or removed (these events appear
in the Notfifications Log, and are queryable). If you deployed agents to added systems,
the deployment is initiated to each added system. When the synchronization completes,the
Last Synchronization time is updated, displaying the time and date when the
synchronization finished, not when any agent deployments completed.
NOTE: Alternatively, you can schedule an NT Domain/Active Directory Synchronization
server task for the first synchronization. This is useful if you are deploying agents to new
systems on the first synchronization, when bandwidth is a larger concern.
13 When the synchronization completes, view the results with the System Tree.
Once the systems are imported, distribute agents to them if you did not select to do so
automatically. Also, consider setting up a recurring NT Domain/Active Directory Synchronization
server task to keep your System Tree up to date with any new systems or organizational changes
in your Active Directory containers.

Importing NT domains to an existing group

Use this task to import systems from an NT domain to a group you created manually.
You can populate groups automatically by synchronizing entire NT domains with specified
groups. This is an easy way to add all the systems in your network to the System Tree at once
as a flat list with no system description.
If the domain is very large, you can create subgroups to assist with policy management or
System Tree organization. To do this, first import the domain into a group of your System Tree,
then manually create logical subgroups.
TIP: To manage the same policies across several domains, import each of the domains into a
subgroup under the same group, on which you can set policies that inherit into each of the
subgroups.
When using this method:
• Set up IP address or tag sorting criteria on subgroups to automatically sort the imported
systems.
• Schedule a recurring NT Domain/Active Directory Synchronization server task for easy
maintenance.
McAfee ePolicy Orchestrator 4.0.2 Product Guide 59