cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 8

Avoiding AD connector

Jump to solution

Have any one of you deployed EEM without AD connectivity. In other words manually importing the active users from AD and also mining users via AutoDomain and adding them to Object Directory?

If you anyone of you implemented this, how do you generally take care of user's password change in a SSO?

I was thinking of using AutoDomain's password confirmation screen and using that to synch to local FS and object directory?, Is that the right approach.

I'm more interested in any implementations without AD connectivity. We are seeing a long delay and time consuming effort to periodically synch with AD (even for the incremental synch). Could anyone of you throw some light.

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Avoiding AD connector

Jump to solution

if your AD connector is slow, it usually means you didn't go through the db optimization steps - in particular you don't have the name index enabled?

How many users are in your AD, and how many are "interesting" to EEPC?

View solution in original post

7 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Avoiding AD connector

Jump to solution

if your AD connector is slow, it usually means you didn't go through the db optimization steps - in particular you don't have the name index enabled?

How many users are in your AD, and how many are "interesting" to EEPC?

View solution in original post

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 8

Re: Avoiding AD connector

Jump to solution

Yes, indexing the db is on our top priority list for sure.

We are talking about 18,000 "interesting" users

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Avoiding AD connector

Jump to solution

18,000 out of how many?

and, did you turn the name index on? You said it was a priority, but indeed did you enable it?

I should mention that the AD connector has nothing to do with password sync - I wish it could, but since AD does not know what your password is, the info simply is not there. The connector just handles the location of users in the groups, info sync like logon hours etc, password expiry and enabled/disabled status.

Message was edited by: SafeBoot on 6/22/10 6:16:48 PM EDT
Highlighted

Re: Avoiding AD connector

Jump to solution

How long is "long"? Can you describe that in numbers? How many user objects do you have in EE database or synchronized portion of AD?

There is no "incremental" connector synch; it is a multipass approach. At first, all database user objects are scanned and matched against AD, then new AD objects are processed.

In your database root folder (\SBDATA) there should be DBCFG.INI file with this clause:

[NameIndex]
Enabled=Yes

This must be set to "Yes" for the name index/caching to be used by programs running for this directory.

on 6/22/10 7:11:43 PM EDT
Highlighted
Level 7
Report Inappropriate Content
Message 6 of 8

Re: Avoiding AD connector

Jump to solution

The indexing is not enabled in the production. I just checked the article KB60490. Let me do that and test the performance.

Thanks,

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 8

Re: Avoiding AD connector

Jump to solution

You'll find it will make a huge difference, especially with a db that size.

Highlighted

Re: Avoiding AD connector

Jump to solution

In this case you may find the whole performance and best practices article interesting:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/21000/PD21801/en_US/...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community