• State Not Answered
  • Replies 2 replies
  • Subscribers 63 subscribers
  • Views 1157 views
  • Users 0 members are here
Options
Related

Dynamic Group Rebuilds

leejohnc
over 3 years ago

We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem.  Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be reinserted members don't have access.

Is any body else experiencing this?  I though this had been addressed.  Dynamic groups could be really useful, and a whole lot safer, if they did delta forever (ads append/delete).

www.oneidentity.com/.../rebuild---script-call-to-rebuild-a-dynamic-group-anyone

Parents
  • 0 over 3 years ago

    I used to help large customer to fix ARS Dynamic Groups rebuilt (for example it used to take ~12-24h+ and was reduced to 1h).

    The approach depends on many nuances depending on details of entire AD Management Workflow implemented in Prod, and even slight changes to it if necessary. Therefore, it is hard to discuss on the forum.

    I would recommend: review/utilize “light”/quick ldap queries and avoind “heavy”/slow ones.

Reply
  • 0 over 3 years ago

    I used to help large customer to fix ARS Dynamic Groups rebuilt (for example it used to take ~12-24h+ and was reduced to 1h).

    The approach depends on many nuances depending on details of entire AD Management Workflow implemented in Prod, and even slight changes to it if necessary. Therefore, it is hard to discuss on the forum.

    I would recommend: review/utilize “light”/quick ldap queries and avoind “heavy”/slow ones.

Children
No Data