To make use of AD-based policy assignment, you must perform the following actions.

  • Install the Carbon Black App Control server in an AD Domain – Install the Carbon Black App Control server on an endpoint that is a member of an Active Directory domain. By default, the Carbon Black App Control server must be in the same AD forest as the computers and users you want to map. If you require cross-forest integration, contact your Carbon Black Support representative.
  • Enable the AD Mapping Interface – You enable the AD-based policy mapping interface in the Active Directory LDAP integration panel on the General tab of the System Configuration page.
  • Create AD-mappable Target Policies – Create the security policies to which you want endpoints assigned by AD Mapping, and make sure these policies allow automatic policy assignment.
  • Create Mappings – On the Mappings tab of the Policies page, create AD Policy Mapping rules that use AD data to assign endpoints to different security policies.
  • Install or Move Agents to AD-mappable Policies – For new agent installations, make sure that the policy for the agent installation packages allows automatic policy assignment. For mapping to be successful, both the current policy of an agent and the policy to which it will be mapped must have automatic policy assignment enabled. For existing agents, if necessary, you can change a policy from manual to automatic after installation or move the agent to an AD-mappable policy.
Note: The App Control Server will perform AD-mapping for any endpoint that is configured through your Active Directory server, including non-Windows platforms.