Showing results for 
Show  only  | Search instead for 
Did you mean: 

DLP 3.0 - User Assignment Groups and Active Directory


I have a question regarding User Assignment Groups as part of DLP Device Control (in ePO 4.5) and I need to know how this integrates/works with Active Directory.

I have a working Device Control solution, where I have device rules set up and then use the user assignment group to define how have access/blocked to the device. If I add a single AD user to the User Assignment Group I have created, apply the policy and test it then it works a treat! But when I want to add an AD group (list of users) into the User Assignment Group and add the user in AD, then go back and update the policy and then test - then the update does not appear to happen!

Is there a way that the User Assignment Group can be updated, to reflect the latest changes to this group (so that updates that have been added to the AD group are reflected to be added to the User Assignment Group aswell)?

I want to be able to manage my users through AD groups (add/delete etc.) and then for this to be reflected in DLP, so that the users will have the correct access to the device.

Really hope someone can help me out.


2 Replies
Level 9
Report Inappropriate Content
Message 2 of 3

Re: DLP 3.0 - User Assignment Groups and Active Directory

It uses LDAP.  All of the integration is done through standard Microsoft API calls.

The dialog box that pops up is a standard windows call.   I would test one of the built in AD groups to make sure it's working at all.

I've seen issues in the past with groups but never with a single AD user working.


Re: DLP 3.0 - User Assignment Groups and Active Directory


Thanks for info.

I have done some additional testing and it appears that the AD user group is applied after about 1 hour (after I have added/removed users from the group), so it does appear to work.

However I was wondering if there is a setting in DLP / ePO that is able to configure it to syncronizing more often? As I would ideally want to be able to add users to an AD group and then for the settings to be applied to the users within minutes.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community