McAfee EPOLICY ORCHESTRATOR 4.5 Product Manual page 109

Organizing the System Tree
Active Directory and NT domain synchronization
3 Use an NT Domain/Active Directory Synchronization server task to regularly synchronize
the systems (and possibly the Active Directory structure) with the System Tree according
to the synchronization settings.
Types of Active Directory synchronization
There are two types of Active Directory synchronization ( systems only and systems and
structure ). Which one you use depends on the level of integration you want with Active Directory.
With each type, you control the synchronization by selecting whether to:
• Deploy agents automatically to systems new to ePolicy Orchestrator. You may not want to
set this on the initial synchronization if you are importing a large number of systems and
have limited bandwidth. The agent MSI is about 6 MB in size. However, you might want to
deploy agents automatically to any new systems that are discovered in Active Directory
during subsequent synchronization.
• Delete systems from ePolicy Orchestrator (and remove their agents) when they are deleted
from Active Directory.
• Prevent adding systems to the group if they exist elsewhere in the System Tree. This ensures
that you don't have duplicate systems if you manually move or sort the system to another
location.
• Exclude certain Active Directory containers from the synchronization. These containers and
their systems are ignored during synchronization.
Systems and structure
When using this synchronization type, changes in the Active Directory structure are carried over
into your System Tree structure at the next synchronization. When systems or containers are
added, moved, or removed in Active Directory, they are added, moved, or removed in the
corresponding locations of the System Tree.
When to use this synchronization type
Use this to ensure that the System Tree (or parts of it) look exactly like your Active Directory
structure.
If the organization of Active Directory meets your security management needs and you want
the System Tree to continue to look like the mapped Active Directory structure, use this
synchronization type with subsequent synchronization.
Systems only
Use this synchronization type to import systems from an Active Directory container, including
those in non-excluded subcontainers, as a flat list to a mapped System Tree group. You can
then move these to appropriate locations in the System Tree by assigning sorting criteria to
groups.
If you choose this synchronization type, be sure to select not to add systems again if they exist
elsewhere in the System Tree. This prevents duplicate entries for systems in the System Tree.
When to use this synchronization type
Use this synchronization type when you use Active Directory as a regular source of systems for
ePolicy Orchestrator, but the organizational needs for security management do not coincide
with the organization of containers and systems in Active Directory.
McAfee ePolicy Orchestrator 4.5 Product Guide 109