• State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 62 subscribers
  • Views 9197 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dynamic Security Group Not Updating Completely

ted.osheroff
over 7 years ago

I recently created a new Dynamic Security Group.  The group membership only adds 4000 members after clicking on the Rebuild button and then stops.  There should be close to 10k members based on an ldap query I ran separately in PS.   I built a new dynamic sec. group based on the same search criteria and it stops adding members after 2000 members.  Anyone know what's going on here or how to fix this?  Why can't it build the proper group membership?

ARS v.6.9.0.5424

  • 0 over 7 years ago
    Have you checked the EDM Server Log for events related to your dynamic group?
  • 0 over 7 years ago
    I appreciate your help. I have checked the logs. I don't see anything other than an entry that says it is rebuilding the member list when I kick off the Rebuild.
  • 0 over 7 years ago
    Hello Ted,

    6.9.0.5424 is ActiveRoles Server 6.9 base version, unpatched. For your reference:

    Title: How to obtain the full version number of ActiveRoles Server components
    Solution Number: 107190
    URL: support.quest.com/.../107190

    There were several issues in that version related to Dynamic Groups. Please apply Patch 4:

    Title: ActiveRoles Server 6.9 Patch 4
    Solution Number: 206303
    URL: support.quest.com/.../206303
  • 0 over 7 years ago
    You may also want to check this setting:

    Title: How To: Add non mail-enabled users to Dynamic Groups
    Solution Number: 74969
    URL: support.quest.com/.../74969
  • 0 over 7 years ago
    Update: I haven't applied ActiveRoles Server 6.9 Patch 4 yet. I will. However, I went back to check on the Dynamic Security Groups I was creating and things look better today. The membership is now updating properly. These are large groups, ~10k members. Could the size of the group have had something to do with this? Could this be related to the AR databases at all?
    -Thank you
  • 0 over 7 years ago
    my points of attention would be when AD\DG_group membership Condition:
    1. Condition contains AD\group_condition (when AD\group_condition changes a member, ARS rebuilds all AD\DG_group, because DC DirSync event does not provide precise enough information on AD\group_condition.member attribute)
    2. Condition is based on mutli-valued attribute

    If Condition is based on plan single-valued attribute, DG used to work solid and quick for large 100K environments with 1-10K+ members.

    If you got Conditions either (1) or (2) AND experience issues, then I recommend to redesign ARS workflow to fall on to single-valued attribute condition.