Active Roles is heavily impacted by latency on communications to the SQL Server and to the associated global catalog server. Ideally, these resources must be deployed on the same site, with a latency of less than 1 millisecond.
Active Roles is heavily impacted by latency on communications to the SQL Server and to the associated global catalog server. Ideally, these resources must be deployed on the same site, with a latency of less than 1 millisecond.
Active Roles caches environmental information in a few different locations. If the environment changes significantly, this cache could become obsolete that can negatively impact performance. This can occur, for example, after:
Active Directory schema or functional level updates.
Major SQL Server or Microsoft Exchange version updates.
For more information on clearing all of these caches, see Knowledge Base Article 4322345 in the One Identity support portal.
External applications, such as Change Auditor, Defender, Recovery Manager, and Safeguard Authentication Services all deploy Active Roles components. If either Active Roles or these external applications are upgraded, older versions of their deployed components could remain in the Active Roles configuration. In such cases, make sure to disable or remove these obsolete components.
In environments with a large number of Active Roles dynamic groups, the nightly run of the Dynamic Group Updater scheduled task can take several hours, and can also cause high CPU utilization on the target Active Directory domain controller (DC).
To solve this issue, add indexes in Active Directory on the attributes that are being queried by the dynamic group membership rule or rules.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center