- Created by Unknown User (jdougherty), last modified on Feb 27, 2020
In This Article
Overview - Active Directory Synchronization
This section of the getting started guide covers some general notes and observations on Active Directory integration, which allows you to manage your endpoints using your Active Directory (AD) organizational unit (OU) structure. You can set up automatic synchronization with your Active Directory structure using the Trend Micro Common Active Directory Synchronization Tool.
You configure AD Synchronization here: Administration > Active Directory Settings
General Notes & Observations
- After configuring AD synchronization, the Worry Free management portal will show you an empty structure of the OUs in your Active Directory.
- The "Computers" container in AD is not shown in the Worry Free management portal, nor is it scanned or synced. Therefore, computer accounts in this container will not show up in the management portal until the agent is installed. After the agent is installed, the computer will show up in the Manual Server or Device "default" groups.
- In the Worry Free management portal Trend refers to each OU as a Domain Group. You cannot remove or hide the domain groups that you don't want to use.
- When you create or remove OUs in your AD, these changes will be reflected in the Worry Free management console after the next sync.
- All of the domain groups shown in the Worry-Free management portal inherit their policy settings from the policy settings set at your top-level domain name (* domain.com).
- You can break the policy inheritance for down-level domain groups to give them their own policy settings. When you break the inheritance of a down-level group, child groups within that parent group are broken too, and the child groups start inheriting from the parent group that broke the inheritance. Additionally, the parent group will be denoted with an asterisks (*) before its name. Therefore, anytime you see an asterisks (*) before the name of a group, that group and its child groups are not inheriting from any up-level groups.
- If needed, you can restore a group's policy inheritance, but that group will lose all custom policy settings.
- Computer accounts in an OU will show up in their respective domain group after the agent is installed.
- If a computer account is moved between OUs in Active Directory, the computer will be moved in the domain group structure of the management portal after the next sync. If you force a sync, it can take up to 10 minutes for the change to show in the portal.
- If you already installed the agent on computers in your AD and they have been assigned to manual groups in the Worry Free management portal, they will remain there until you select them in the portal and choose the "Restore to Domain OUs" task.
- Computer accounts found in AD OUs that don't have an agent installed are displayed in the "Unmanaged Endpoints" filter group.
Trend Micro AD Sync Tool Deployment Notes
- You should create an AD service account for the sync tool to use. The service account doesn't need any special permissions, unless AD permissions have been configured to deny reading objects.
- When defining a Root DN path, OUs cannot be included in the path. This means your entire OU structure will be visible in the management portal.
- The synchronization frequency should be based on the frequency of changes anticipated in your directory.
- For directories that are not properly managed and kept up to date, use the exclude computers setting. Otherwise, you can leave it unchecked.
- When entering the service account's username in the sync tool, use the account's UPN.
- When upgrading the sync tool to a new version, you must uninstall the old sync tool first.
Here's an example screenshot of what a synced AD OU structure looks like in the Worry Free management portal.
The Worry Free management console has a very robust online help system. For detailed information and step-by-step instructions, you should reference the online help system. If you are new to Worry Free, check out the How-To Videos provided by Trend Micro.
If you're not signed in to the Worry Free management console, the complete Trend Micro Worry Free Services online help can be referenced in the Trend Micro Online Help Center.
If you need further assistance, please submit a ticket via the Evolve IP Support Page, or use the information listed in the Worry Free Technical Support page.