Resolution
Access Governance Suite offers two connector options for Active Directory: the governance connector (read-only) and the provisioning connector (read/write). The recommendation on which connector to use depends on the Access Governance Suite release installed and on whether automated provisioning will be done to AD.
| Access Governance Suite Release | Automated Provisioning? | Recommendation |
| 5.2 | No | Use governance (read-only) AD connector |
| Yes | Use provisioning (read/write) AD connector; better performance will be obtained by upgrading to Release 5.5 and using delta aggregations | |
| 5.5 | No | Use governance (read-only) AD connector |
| Yes | Use provisioning (read/write) AD connector and delta aggregations |
The read/write connector is designed to run a full initial aggregation and then rely on the connectors' interceptors to keep data in sync between Access Governance Suite and the managed system through delta aggregation. In this model, there should never be a need to repeat a full aggregation with this connector. The delta aggregation feature, however, is only available for Access Governance Suite Release 5.5 and later.
The read/write connector incurs a significant performance penalty over the read-only connector on aggregations, so customers on Release 5.2 who do not need the provisioning connector's write capabilities will experience better aggregation performance by implementing the read-only governance connector. Those who want to make use of the provisioning capabilities of the read/write connector are strongly encouraged to migrate to Release 5.5 to take advantage of the delta aggregation feature for improved performance.