Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
260 Views 1 Reply Latest reply: Nov 7, 2013 6:14 PM by Brad McGarr RSS
PhilM Champion 528 posts since
Jan 7, 2010
Currently Being Moderated

Nov 7, 2013 8:20 AM

Managing groups for different policies

Does the LDAP synchronization process take groups into consideration so they can then be used to provide a domain with a more granular policy?

 

The test envrionment I am using at the back end is pretty simple - a single 2003 Server acting as a domain controller, approximately a dozen users and a small collection of groups (both security groups and distrubution groups).

 

Having set-up Account Management -> Configuration -> Directory Integration  (using the EMail Domain logical structure) for the domain in question, the Test Settings option shows that SaaS is able to communicate with active directory.

 

I then go to Account Management -> Users and initiate a Sync.

 

Having now clarified that the sync process will automatically reject 'intermal' domain addresses, the number of reported "User Adds" is equivalent to the number of users I have in my active directory. But the Sync process seems to be oblivious of any groups. This is despite the fact that the group definitions (both distribution and security) are located at the same AD branch as the user records.

 

Retuning to the Directory Integration page, there doesn't appear to be anything in the configuration settings specific to groups.

 

So, should this process be able to import my AD groups and as it is not, what should I be looking at?

 

Many thanks.

-Phil.

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    Currently Being Moderated
    1. Nov 7, 2013 6:14 PM (in response to PhilM)
    Re: Managing groups for different policies

    Hi Phil,

     

    From my experience the Email Domain (Pull) method is fairly limited as to what information it can obtain and pull from Active Directory, being limited to User Accounts (specifically looking for the proxyAddresses attribute by default), so groups are not included.

     

    The Directory Services Connector component of ePolicy Orchastrator, from my understanding, does publish this information to the SaaS Product.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points