To make use of AD-based user role assignment, you must:

  • Install Carbon Black App Control in an AD Domain – Install the Carbon Black App Control Server on a computer that is a member of an Active Directory domain. By default, the Carbon Black App Control Server must be in the same AD forest as the computers and users you want to map. If you require cross-forest integration, contact your Carbon Black Support representative.
  • Enable the AD Mapping Interface – Enable the AD-based user mapping interface in the Active Directory / LDAP integration panel on the General tab of the System Configuration page. If you have not already done this, see Enabling Console Access via AD Accounts.
  • Create AD-mappable Target Roles – Create the user roles to which you want computers assigned by AD Mapping.
  • Create Mappings – On the Mappings tab of the Login Accounts page, create AD Role Mapping rules that use AD data to assign computers to different security policies.
Platform Note: The Carbon Black App Control Server performs AD mapping for any computer you have configured through your Active Directory server, including those on non-Windows platforms.