Overview
You are looking to find out how long it takes for a group membership, deletion or any other change take to make it up to the cloud, via the API and finally appearing in the Umbrella dashboard
Answer
AD changes consist of two processes.
- First, the local AD environment must replicate the changes, be picked up by the Connector, and sent to the cloud. This typically takes about 5-15 minutes. On environments with only one Active Directory (AD) server (domain controller), a change usually takes up to ~5 minutes to get processed and sent to the cloud, barring any issues in regards around network latency, processing and also the size of the organization being synchronized.
- Second, the AD tree is processed cloud-side to import the tree into the Dashboard and policies. This process takes less than 10 minutes for small AD trees, and 2+ hours for large AD trees. For very large trees (tens of thousands of users), the import will begin showing results after around two hours, and gradually display changes as the tree processes over several hours.
Having multiple AD servers might increase the time since the AD servers usually have to replicate the changes between themselves and that usually defaults to every 15 minutes, so the total time might be higher than normal, so you should consider planning for that on top of the above-listed values.
For more information about AD replication you can check the following articles:
How Active Directory Replication Topology Works
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx
Comments
0 comments
Article is closed for comments.