Dynamic Group Rebuilds

We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem.  Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be reinserted members don't have access.

Is any body else experiencing this?  I though this had been addressed.  Dynamic groups could be really useful, and a whole lot safer, if they did delta forever (ads append/delete).


  • Feature Request 90882 has been created to address delta handling. Thank you for your feedback. as regards to your issue with rebuilds, i would suggest that you update the scheduled task timing and adjust it to a time and date that you feel that would not conflict with other services.

  • I used to help large customer to fix ARS Dynamic Groups rebuilt (for example it used to take ~12-24h+ and was reduced to 1h).

    The approach depends on many nuances depending on details of entire AD Management Workflow implemented in Prod, and even slight changes to it if necessary. Therefore, it is hard to discuss on the forum.

    I would recommend: review/utilize “light”/quick ldap queries and avoind “heavy”/slow ones.