Active Directory "Refresh" interval on JSS

timlarsen
Contributor

Does anyone know what interval the JSS regularly checks in with an AD server to aggregate updated lists of users and groups? Or is the connection persistent/on-demand? In our environment our search base is set pretty wide, e.g. "DC=pretendco,DC=net", but when a member of our directory services team moved several groups from one OU to another, we could no longer use our AD accounts to login to the JSS until he moved them back. Any thoughts on this?

3 ACCEPTED SOLUTIONS

davidacland
Honored Contributor II
Honored Contributor II

I could be wrong but I was under the impression it was on demand.

I didn't think there was any caching going on, other than the usual 15-min AD replication intervals.

View solution in original post

bentoms
Release Candidate Programs Tester

@timlarsen as @davidacland said, I think the lookups are live.

BUT, for I think the JSS keeps a record of known users CN's. Which may not refresh.

View solution in original post

GaToRAiD
Contributor II

@timlarsen did you make sure you updated this section of your jss?

86cd3b70da2a42e6a47378f3146ccc26

View solution in original post

4 REPLIES 4

davidacland
Honored Contributor II
Honored Contributor II

I could be wrong but I was under the impression it was on demand.

I didn't think there was any caching going on, other than the usual 15-min AD replication intervals.

bentoms
Release Candidate Programs Tester

@timlarsen as @davidacland said, I think the lookups are live.

BUT, for I think the JSS keeps a record of known users CN's. Which may not refresh.

GaToRAiD
Contributor II

@timlarsen did you make sure you updated this section of your jss?

86cd3b70da2a42e6a47378f3146ccc26

timlarsen
Contributor

Thanks all! I'm going to forward @GaToRAiD's screenshot to our AD team to see what their recommendations are next time they make any changes.