Testing IDM’s AD Sync Configuration – HP Identity Driven Manager Software Series User Manual
Getting Started
Monitoring User Session Information
■ Within a Domain, Access Policy Group names must be unique. If Access
Policy Groups are being created manually within the same Domain, use
naming conventions to ensure these names do not conflict with Active
Directory group names.
■ Performance for the import from Active Directory to IDM varies depending
on your environment. Using a 1.86 GHz processor with 2GB RAM,
importing 20,000 Active Directory users in 75 groups takes approximately
65 minutes. A similar test that imported 10,000 of 20,000 users by selecting
2 of the 75 groups completed in 30 minutes.
■ Once the initial synchronization is completed, IDM monitors all changes to
the Active Directory, which uses much less system resources. If Active Directory
synchronization is disabled or IDM is restarted, all groups must be
resynchronized.
■ Importing only relevant groups can reduce the import time significantly.
Selecting only groups of users for which access policies are defined instead
of selecting the Domain Users group (which includes all users in the domain)
can significantly reduce the amount of information that must be maintained
in IDM and synchronized with Active Directory.
■ When Active Directory is queried for the “Add or Remove Groups” function
in IDM, it may take several seconds to display the list of available groups.
An hourglass is displayed when such an extended process is occurring.
Performance will vary depending on your environment. With a 1.86 GHz
Intel Core2 Duo processor and 2GB RAM, it takes approximately 30 seconds
to present a list of 20,000 groups.
■ If an error occurs while attempting to read the Active Directory, an entry is
made in the IDM events log, and IDM attempts to reconnect to Active
Directory once per minute.
Testing IDM’s AD Sync Configuration
Check that IDM’s AD Sync is configured and operating successfully:
1. Confirm AD Sync is configured in IDM Preferences, as explained in step 1 under
“Using Active Directory Synchronization” on page
synchronized with Active Directory groups.
2. Confirm AD groups and IDM groups are synchronized (IDM groups are shown
correctly in IDM).