Broken rules in a Managed Unit causing Active Roles performance issues in all Active Roles clients
Description
Broken rules in a Managed Unit causing Active Roles performance issues in all Active Roles clients
Cause
When Active Roles creates a Managed Unit, native Active Directory objects are referenced using the Active Directory GUID.
When an Active Roles client deletes a referenced object, or when Active Roles receives a DirSync notification that a referenced object has been deleted, all Managed Unit and Dynamic Group rules that reference that object should be deleted.
Configuring the DirSync subscription in Active Directory requires the domain management account (proxy account) to have the "Replicating Directory Changes" extended right in Active Directory. If this extended right is not present, Active Roles cannot receive notifications when objects are deleted, and does not clean up the Managed Unit or Dynamic Group rules that reference them.
Resolution
Ensure that the domain management account always has the "Replicating Directory Changes" extended right in Active Directory.
To identify Managed Units with broken rules, run the attached PowerShell script as an Active Roles Admin.
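The following added example (not the attached script and not One Identity code) checks whether an account effectively holds "Replicating Directory Changes" on the domain root, directly or through nested group membership. It assumes the ActiveDirectory RSAT module is installed; the account name `svc-activeroles` is a placeholder.

```powershell
Import-Module ActiveDirectory

$ProxyAccount = 'svc-activeroles'   # placeholder sAMAccountName; replace with your proxy account
# Rights GUID of DS-Replication-Get-Changes ("Replicating Directory Changes")
$ReplChanges  = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$ExtRight     = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$domainDN = (Get-ADDomain).DistinguishedName
$user     = Get-ADUser -Identity $ProxyAccount

# SIDs that apply to the account: its own plus every group it belongs to,
# nested groups included (LDAP_MATCHING_RULE_IN_CHAIN).
# Not covered: the primary group and implicit SIDs such as Authenticated Users.
$sids  = @($user.SID.Value)
$sids += Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))" |
    ForEach-Object { $_.SID.Value }

# ACEs on the domain root that cover the right: the specific rights GUID, or an
# empty ObjectType (all extended rights, which also matches GenericAll).
$aces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    ($_.ActiveDirectoryRights -band $ExtRight) -and
    ($_.ObjectType -eq $ReplChanges -or $_.ObjectType -eq [guid]::Empty)
}

# Keep only the ACEs whose trustee is the account or one of its groups
$matching = foreach ($ace in $aces) {
    try {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }   # trustee could not be resolved to a SID
    if ($sids -contains $sid) { $ace }
}

$allow = @($matching | Where-Object AccessControlType -eq 'Allow')
$deny  = @($matching | Where-Object AccessControlType -eq 'Deny')

[pscustomobject]@{
    Account      = $ProxyAccount
    Domain       = $domainDN
    HasRight     = ($allow.Count -gt 0 -and $deny.Count -eq 0)
    GrantedVia   = ($allow.IdentityReference.Value | Sort-Object -Unique) -join '; '
    DeniedVia    = ($deny.IdentityReference.Value  | Sort-Object -Unique) -join '; '
}
```

A `HasRight` value of `False` means the DirSync deletion notifications described under Cause will not reach Active Roles for that domain; run the check against each managed domain.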