Skip to main content

How long does it take for an AD change to propagate to the dashboard?

Matt Prytuluk
  • Updated
  • min read

Overview

  

You are looking to find out how long it takes for a group membership, deletion or any other change take to make it up to the cloud, via the API and finally appearing in the Umbrella dashboard

 

Answer

  

 

AD changes come in 2 flavours:

  1. Full sync: This is when the connector is first doing a sync of the AD enviroment.  This takes a few minutes.
  2. Delta sync:  This is a sync of the changes in the AD enviroment since the last sync.  This too takes a few minutes.

Want to force a sync?  Delta syncs can be triggered by restarting the connector service, Full sync require removal of the LDIF folder before restarting the service.    If you have more than one connector in the enviroment, they all must be restarted.

 

Older behaviour

  

 

For posterity, the following is the performance of our old connector sync:

  1. First, the local AD environment must replicate the changes, be picked up by the Connector, and sent to the cloud. This typically takes about 5-15 minutes. On environments with only one Active Directory (AD) server (domain controller), a change usually takes up to ~5 minutes to get processed and sent to the cloud, barring any issues in regards around network latency, processing and also the size of the organization being synchronized.
  2. Second, the AD tree is processed cloud-side to import the tree into the Dashboard and policies. This process takes less than 10 minutes for small AD trees, and 2+ hours for large AD trees. For very large trees (tens of thousands of users), the import will begin showing results after around two hours, and gradually display changes as the tree processes over several hours.

    Having multiple AD servers might increase the time since the AD servers usually have to replicate the changes between themselves and that usually defaults to every 15 minutes, so the total time might be higher than normal, so you should consider planning for that on top of the above-listed values.


For more information about AD replication you can check the following articles:

How Active Directory Replication Topology Works
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx 

Was this article helpful?

3 out of 7 found this helpful
Have more questions? Submit a request

Related articles