Environment
Cloud Access 2.2.x
Situation
Active user count not increasing after customer added a search context
of a dc high in the forrest of their AD environment. Example:
DC=CORP,DC=COMPANY,DC=COM
When looking at Cloud Access Main page (Admin) in top right there is a users count and under that is an active count.
The users count is the total number of users found under the context's defined on the defined Active Directory Server.
The active count is the total number of users that have been "provisioned/synced" over to cloud Access Server's internal eDirectory Store.
In this case there was a high number of users that were under the defined context ~60k, but the active count wasn't climbing, even after sitting for a day.
DC=CORP,DC=COMPANY,DC=COM
When looking at Cloud Access Main page (Admin) in top right there is a users count and under that is an active count.
The users count is the total number of users found under the context's defined on the defined Active Directory Server.
The active count is the total number of users that have been "provisioned/synced" over to cloud Access Server's internal eDirectory Store.
In this case there was a high number of users that were under the defined context ~60k, but the active count wasn't climbing, even after sitting for a day.
Resolution
Reported to engineering =
As a workaround lower ou's seem to work fine such as:
ou=users,DC=CORP,DC=COMPANY,DC=COM
So this will require adding container/'s under the lowest dc, so if there are 10 containers directly under the dc, would need to add all 10 to the search context.
As a workaround lower ou's seem to work fine such as:
ou=users,DC=CORP,DC=COMPANY,DC=COM
So this will require adding container/'s under the lowest dc, so if there are 10 containers directly under the dc, would need to add all 10 to the search context.
Cause
Still investigating
Additional Information
In the bis_AD*RL.log we were seeing the following loop over and over again.
base=DC=CORP,DC=COMPANY,DC=COM
scope=2
filter=(objectclass=user)
attrs=[1.1]
attrsOnly=true
DirXML: [08/31/15 21:28:00.49]: TRACE: Remote Loader: Received.
DirXML: [08/31/15 21:28:00.66]: TRACE: Remote Loader: Received document for subscriber channel
DirXML: [08/31/15 21:28:00.66]: TRACE: Remote Loader: Waiting for receive...
DirXML: [08/31/15 21:28:00.66]: TRACE: Remote Loader: Calling SubscriptionShim.execute()
DirXML: [08/31/15 21:28:00.66]: TRACE: Remote Loader: Sending...
DirXML: [08/31/15 21:28:00.66]: TRACE: Remote Loader: Document sent.
DirXML: [08/31/15 21:28:00.66]:
DirXML Log Event -------------------
Driver = \IDVAULT\system\driverset1\bis_AD_Wz2ui
Thread = Subscriber
Level = success
DirXML: [08/31/15 21:28:06.97]: TRACE: bis_AD_Wz2ui: Driver encountered a referral but it could not be followed. Only referrals to resources on the same server can be followed.
DirXML: [08/31/15 21:28:06.97]: TRACE: bis_AD_Wz2ui: Driver encountered a referral but it could not be followed. Only referrals to resources on the same server can be followed.
DirXML: [08/31/15 21:28:06.97]: TRACE: bis_AD_Wz2ui: Driver encountered a referral but it could not be followed. Only referrals to resources on the same server can be followed.
DirXML: [08/31/15 21:28:08.97]: TRACE: bis_AD_Wz2ui: GC overhead limit exceeded
DirXML: [08/31/15 21:28:08.97]: TRACE: bis_AD_Wz2ui: Poll()
DirXML: [08/31/15 21:28:09.10]: TRACE: bis_AD_Wz2ui: LDAP Search