|Setting up Enterprise Console|
This section gives an overview of Active Directory synchronization.
With Active Directory synchronization, you can synchronize Enterprise Console groups with Active Directory containers. New computers and containers discovered in Active Directory are copied into Enterprise Console automatically. You can also choose to protect discovered Windows workstations automatically. This allows you to minimize the time in which computers can become infected and reduce the amount of work you need to do to organize and protect computers.
After you have set up synchronization, you can set up email alerts to be sent to your chosen recipients about new computers and containers discovered during future synchronizations. If you choose to protect computers in synchronized Enterprise Console groups automatically, you can also set up alerts about automatic protection failures.
In Enterprise Console, you can have both “normal,” unsynchronized groups that you manage yourself and groups synchronized with Active Directory.
When setting up synchronization, you select or create a synchronization point: an Enterprise Console group to be synchronized with an Active Directory container. All computers and subgroups contained in the Active Directory are copied into Enterprise Console and kept synchronized with Active Directory.
After you set up synchronization with Active Directory, the synchronized part of Enterprise Console group structure matches exactly the Active Directory container it is synchronized with. This means the following:
By default, synchronization occurs every 60 minutes. You may change the synchronization interval if required.
It is your decision what groups to synchronize with Active Directory and how many synchronization points to set up. Consider whether the size of groups that will be created will be manageable. You should be able to deploy software, scan and clean up computers easily. This is especially important for the initial deployment.
The recommended approach is as follows: