Understanding the Active Directory Synchronization

If your organization runs Active Directory and its organization meets your management needs, integrate with your Active Directory to populate and map the User/Endpoint Directory according to your existing organizational structure. Once synchronized, Control Manager updates the User/Endpoint Directory with any new users/groups from your Active Directory.

Take note of the following considerations when enabling this feature:

  • Control Manager supports synchronization of Active Directory domains coming from the same forest.

    The following example shows the Active Directory tree with multiple domains from the same forest:

  • If there are duplicate users created from endpoints as local users and Active Directory members, Control Manager removes duplicates by listing all Active Directory users.


    Control Manager consolidates all users—with duplicate and unique names. Having duplicate users listed in the Users/Endpoint Directory is possible because endpoints such as computers, servers, or laptops can have multiple local accounts with the same name.

To configure the Active Directory connection, refer to Configuring Active Directory and Endpoint Protection Verification Widget Settings.