Dynamic Group Rebuilds

We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem. Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be reinserted members don't have access.

Is any body else experiencing this? I though this had been addressed. Dynamic groups could be really useful, and a whole lot safer, if they did delta forever (ads append/delete).

www.oneidentity.com/.../rebuild---script-call-to-rebuild-a-dynamic-group-anyone

Top Replies

0 Danny.Ferri_83652 over 3 years ago

Feature Request 90882 has been created to address delta handling. Thank you for your feedback. as regards to your issue with rebuilds, i would suggest that you update the scheduled task timing and adjust it to a time and date that you feel that would not conflict with other services.
Cancel
Up +1 Down

Reply

Verify Answer

Cancel
0 Aidar.Karabalaev over 3 years ago

I used to help large customer to fix ARS Dynamic Groups rebuilt (for example it used to take ~12-24h+ and was reduced to 1h).

The approach depends on many nuances depending on details of entire AD Management Workflow implemented in Prod, and even slight changes to it if necessary. Therefore, it is hard to discuss on the forum.

I would recommend: review/utilize “light”/quick ldap queries and avoind “heavy”/slow ones.
Cancel
Up +1 Down

Reply

Verify Answer

Cancel

Endpoint Privilege Management

Dynamic Group Rebuilds

Top Replies