Cannot add users or synchronize user changes with Active Directory for Compliance Accelerator or Discovery Accelerator

book

Article ID: 100031483

calendar_today

Updated On:

Description

Error Message

No error is presented.

 

Cause

By default, CA and DA are configured to synchronise Employees/Employee Groups and Custodians/Custodian Groups respectively, with their Active Directory or Lotus Domino Directory accounts and/or groups in batches or chunks of up to 1000 users. If there are more than 1000 users, the synchronisation process should complete the first batch then process the next batch, repeating this loop until all Employees/Custodians have been processed.

There may be occasions whereby the processing of one batch does not complete or there are issues with obtaining the information from AD, whereby the processing does not progress to the next batch and only appears to process some or all of the users in the first batch (of up to 1000 users). In such occurrences, the default batch size of 1000 may be too small.

 

Resolution

Changing the batch size to a larger value can cause the synchronisation process to run more efficiently, thus allowing new users to be manually added and existing users to be synchronised. This is accomplished as follows:


Compliance Accelerator

1. Open the Compliance Accelerator Client using an account that has the Application level permission Modify System Configuration allowed in an Application Role assigned to the account, such as the Vault Service Account.

2. Go to Configuration | Settings.

3. Hold the CTRL key and left-click the Configuration Settings banner at the top left of the window.

4. Expand Profile Synchronization.

5. Increase the Value column entry for the Chunk-Size for ADSynchroniser setting. The default value is 1000. This can be increased in increments of 1000 to a maximum of 10000.

6. Click anywhere outside the setting's line to remove the focus from the setting.

7. Click the Save button.

8. Acknowledge any popups advising to restart Remoting/Customer Background Tasks/services.

9. Restart the Enterprise Vault Accelerator Manager Service in the Services MMC.

10. Allow some time for synchronisation changes to take effect and verify if successful by reviewing the Monitored Employees.


Discovery Accelerator Custodian Manager

1. Open the Discovery Accelerator Client using an account that has the Application level permission Modify System Configuration allowed in an Application Role assigned to the account, such as the Vault Service Account.

2. Go to Custodians | Custodian Manager.

3. Click on the link to open the Custodian Manager website.

4. Go to View Application Settings in the CM website.

5. Hold the CTRL key and left-click the Settings banner at the top left of the window.

6. Click the dropdown arrow in the Settings for option and select Profile Synchronization.

7. Click on Edit in the line for the Chunk-Size for ADSynchroniser setting.

8. Increase the Value column entry for the Chunk-Size for ADSynchroniser setting. The default value is 1000. This can be increased in increments of 1000 to a maximum of 10000.

9. Click the OK button next to the setting, then click OK at the bottom of the website window.

10. Acknowledge any popups advising to restart Remoting/Customer Background Tasks/services.

11. Restart the Enterprise Vault Accelerator Manager Service in the Services MMC.

12. Allow some time for synchronisation changes to take effect and verify if successful by reviewing the Custodians.


In order to log the CA/DA synchronisation processing, a DTrace of the ADSynchroniser process can be obtained, as follows:

- Log on to the CA or DA server (as applicable) as the Vault Service Account.

- Open a command prompt and navigate to the EV installation folder.

- At the command prompt, execute the following command:
DTrace 3000000

- At the DT> prompt, execute the following command:
v
This will register and associate a number with each EV/CA/DA process running on the Server.  For example:
c:\Program Files (x86)\Enterprise Vault>dtrace 3000000

DTrace Version (14.5.0.1177)
? for help

DT>v

View Trace Options

Id    Name                                         Detail     Include Events
1   - AcceleratorManager                           Off        No
2   - AcceleratorService                           Off        No
3   - AdminService                                 Off        Yes
4   - ADSynchroniser                               Off        No
5   - AgentClientBroker                            Off        Yes
6   - AnalyticsConversationAnalyserTask            Off        No
7   - AnalyticsIngesterTask                        Off        No
8   - AnalyticsServerApp                           Off        No
9   - ArchivePoints                                Off        Yes
10  - ArchiveTask                                  Off        Yes
11  - AuditViewer                                  Off        Yes
12  - AuthServer                                   Off        Yes

- Note the ID number beside the ADSynchroniser process. 

- At the DT> prompt, execute the following command:
set (process ID #) v

For example and using the above output: set 4 v

- Enable DTrace logging by executing the following command after replacing c:\dtrace.log with a location and filename for the log file. The log file name must end with the .log extension. 
log c:\dtrace.log

- Begin the synchronisation by either restarting the Enterprise Vault Accelerator Manager Service or clicking on the appropriate synchronise option in the CA Client or in the Custodian Manager website.

- Allow the synchronisation process to run for a period of time. Typically, an hour should suffice, but more time may be needed in large environments.

- When ready, stop the DTrace logging to the file by typing the following at the DT> prompt and pressing the Enter key twice:

log

- At the DT> prompt, execute the following command to exit the Dtrace:

quit

- Respond accordingly to any additional prompts in order to save any logs and exit DTrace.

In rare cases, it may be noticed that some Employees/Employee Groups or Custodians/Custodian Groups partially synchronise or still do not synchronise after editing the Chunk-Size for ADSynchroniser Setting. In such cases, please contact technical support for assistance with increasing the maximum chunk size value above 10000.

Applies to all versions of CA and DA/CM.

Technical Support only - see internal notes.

 

Issue/Introduction

Issues with adding users or updating Active Directory (AD) user information to Enterprise Vault (EV) Compliance Accelerator (CA) or Discovery Accelerator (DA) Custodian Manager (CM) can be experienced in different ways. Here are some examples: - Adding a new Employee to CA via browsing AD, either by the user or by a group.
- Synchronising Employees and/or Employee Group changes in CA beyond the first 1000 Monitored Employees.
- Adding a new Custodian to DA CM via browsing AD, either by the user or by a group.
- Synchronising Custodians and/or Custodian Group changes in DA beyond the first 1000 Custodians.
Powered by Wolken Software