and more in a single search tool across platforms. Read the announcement here. |
01/29/2024 04:09 AM
Hi,
Looking for advice and pointers to the best practice. We have one ADSI connection to our main forest and it took a lot of effort, numerous issues to be addressed to set it up and have stable. The forest contains in excess of 100000 accounts (including service accounts) and even higher number of entitlements (groups).
We now need to set up another forest connection (much smaller though) and looking for advice and best practices. How do you schedule imports? What did you do to optimise import jobs and make them run faster? Do you use endpoint filter to create child endpoints? Do you manage to overcome this method limitation (5000 entitlements)?
Kind regards,
Piotr
01/29/2024 09:40 PM
@piotrj
I have implemented ADSI in two projects.
Best practice:
ADSI connector is not as efficient as a regular AD connector.
I scheduled the jobs in the below format.
Full imports will run daily once when there is not much environmental activity.
I created a trigger for account and Access import.
I scheduled one more trigger for incremental which will run every 4 or 6 hours.
Incremental will not take more than 5-10 mins.
Config:
importNestedMembership: FALSE
ObjectFilter: This can also help to reduce the datasets.
EndpointFilter: This can also help to reduce the datasets.
Limitation:
ADSI will not support entitlement to Owner mapping will not work.
ADSI will only accept lowercase attributes in the AD attribute mapping in Account_Attribute, groupImportMapping.
01/31/2024 05:15 AM
Thank you.
Have you had opportunity to implement multiple ADSI connections in the same system?