Posted on 05-18-2015 12:13 PM
Does anyone know what interval the JSS regularly checks in with an AD server to aggregate updated lists of users and groups? Or is the connection persistent/on-demand? In our environment our search base is set pretty wide, e.g. "DC=pretendco,DC=net", but when a member of our directory services team moved several groups from one OU to another, we could no longer use our AD accounts to login to the JSS until he moved them back. Any thoughts on this?
Solved! Go to Solution.
Posted on 05-18-2015 12:15 PM
I could be wrong but I was under the impression it was on demand.
I didn't think there was any caching going on, other than the usual 15-min AD replication intervals.
Posted on 05-19-2015 02:23 AM
@timlarsen as @davidacland said, I think the lookups are live.
BUT, for I think the JSS keeps a record of known users CN's. Which may not refresh.
Posted on 05-19-2015 05:11 AM
Posted on 05-18-2015 12:15 PM
I could be wrong but I was under the impression it was on demand.
I didn't think there was any caching going on, other than the usual 15-min AD replication intervals.
Posted on 05-19-2015 02:23 AM
@timlarsen as @davidacland said, I think the lookups are live.
BUT, for I think the JSS keeps a record of known users CN's. Which may not refresh.
Posted on 05-19-2015 05:11 AM
@timlarsen did you make sure you updated this section of your jss?
Posted on 05-19-2015 07:32 AM
Thanks all! I'm going to forward @GaToRAiD's screenshot to our AD team to see what their recommendations are next time they make any changes.