• State Suggested Answer
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 94 subscribers
  • Views 559 views
  • Users 0 members are here
Options
Related

Active Directory Connector vs Active Roles Connector

graziano santucci
9 months ago

Hi everyone,

I wanted to know if there are differences whether you use Active Directory Connector or Active Roles Connector?

Thank you and greetings

Parents
  • 0 9 months ago

    The Active Roles connector goes through Active Roles, for this one you would require Active Roles to be installed in your environment. Active Roles acts as an intermediary to Active Directory and can restrict users access. We can also leverage its own custom policies, etc. Active Directory we are connecting directly to Active Directory via a domain controller.

  • 0 1 month ago in reply to Troy Grandy

    Troy,

    Can you speak of or point to anything about the performance in timing of sync and changes in comparison to AD native and ARS? We are seeing it significantly slower with the sync to the domain and change process orchs to update objects. What can we do to improve the sync / updates? Or is there any known issues with converting from AD to ARS?

    I'm generating synchronization analysis report and still waiting on it to complete.

    Thank you,

    Lu  

  • 0 1 month ago in reply to lrigs

    I cannot speak to that but this would create a second hop. If ARS is not used then Identity Manager is going directly to the domain controller to make changes, if ARS is used that means we have to pass the data to ARS and then it has to pass the data onto the domain controller. It is an extra step so I would expect some slowness.

Reply
  • 0 1 month ago in reply to lrigs

    I cannot speak to that but this would create a second hop. If ARS is not used then Identity Manager is going directly to the domain controller to make changes, if ARS is used that means we have to pass the data to ARS and then it has to pass the data onto the domain controller. It is an extra step so I would expect some slowness.

Children
  • 0 1 month ago in reply to Troy Grandy

    Troy,

    Yes, I would imagine the sync is longer with it having to proxy through and the additional virtual attributes created with the ARS schema. Although the sync is outrageously slow. I've looked into the DB server, Job Server, ARS Server and the DC the ARS Server is bound to. I'm unable to determine why the sync has moved from 20 mins full sync from AD direct to over 19 hours to run a full sync. I have some PSO support looking into things to see what we can find out. I will log a ticket to support if PSO cannot figure things out. 

    Thanks for the reply. I appreciate your help and all your great informational posts in the forum.

    Lu