I have a few general questions and could use some advice. When using an AD Connector:
1. Is 60 minute sync interval too great ?
2. What does the monitor option do ? Should we use that instead of the 60 minute complete sync & do a complete sync only every few hours ?
3. The log files for the connector are getting very large very quickly, is there a way to automatically rename & archive them when they reach a certain size ?”
also in the user mapping there is a dropdown under the text "if a user is not found in in the directory servicethe user should be " any advice on how this works and our options also if a user is disabled in ad how that affects this.
Any advice, help or steering towards documents etc would be appreciated.
1. it depends on how often you change things in the AD that you want reflected into EEM, and how big a data set you are looking at - if it's only taking 2min to do the sync, no 60mins seems ok. If it's taking 58mins to do the sync, then a 60min repeat interval seems excessive.
2. It creates a search that never ends - the AD keeps sending us results after the search has finished. This is not 100% supported by AD though (it's an LDAP specification), and tends to be unreliable. You can use it though as long as you also have a scheduled repeat in case the monitor gives up.
The main problem with AD is it seems to send results unrelated to the original query.
3. No, you'll have to manage that yourself if you leave logging on all the time.
4. If a user who previously came from the AD suddenly is not seen in the returned results, this behavior comes into play.
5. if a user is disabled in AD, their EEM counterpart will be disabled as well. If you want to exclude them completely, I wrote a blog article about this a couple of days ago.