Help

How often does JSS query AD

jcline
New Contributor III

Posted on ‎06-21-2016 06:03 AM

What i'm wondering is how often does JSS query LDAP? We are having users transfer schools a lot but JSS takes days or longer sometimes to update that users INFO to the new School location we have set in our AD attributes that JSS looks at. There for the new school can't see what the info and status of the the new students ipad.

Labels:
0 Kudos
8 REPLIES 8

DBrowning
Valued Contributor II

Posted on ‎06-21-2016 06:22 AM

How often are you doing recons on the machines? the User location will update whenever a recon is run.

0 Kudos

jcline
New Contributor III

Posted on ‎06-21-2016 06:29 AM

It's not the machines that are doing it it's the ipads that we have doing this. It is just iOS devices we are worried about.

0 Kudos

DBrowning
Valued Contributor II

Posted on ‎06-21-2016 06:40 AM

Same would apply. How often do you have mobile devices having inventory taken? By default its once a day so it should be looking each day the device is inventoried. If the device doesn't check in for a couple days then the user data won't update. if you have change the inventory frequency to weekly or monthly it will take longer for the data to update.

And just to confirm, you have the check box for "collect user and locaiton info from LDAP" checked under the Mobile Device Inventory Collection settings.

0 Kudos

jcline
New Contributor III

Posted on ‎06-21-2016 07:03 AM

We do have that setting checked. I thought thats what it was supposed to do also, but we can deploy a device change the location in AD do an inventory update and the location will not update. Only thing i can think of is it only does it on the automated inventory updates.

0 Kudos

DBrowning
Valued Contributor II

Posted on ‎06-21-2016 07:09 AM

that would be odd. because an inventory is an inventory. but maybe i'm wrong.

0 Kudos

jcline
New Contributor III

Posted on ‎06-21-2016 08:11 AM

That's what we thought also but it's not doing it right away. It will after a day or so but not if we do a manual inventory update.

0 Kudos

cdenesha
Valued Contributor II

Posted on ‎06-21-2016 09:48 AM

It is definitely supposed to do it every time.

Try changing something small on the JSS record that is also getting updated by LDAP, perhaps deleting the Full Name. Then do an update and see if it comes back. If so then an LDAP query completed and the School should have as well.

chris

0 Kudos

Graeme
Contributor

Posted on ‎06-21-2016 02:50 PM

Hello jcline, a couple of thoughts.

How often is your AD data being replicated between sites? Default is every 15 mins but for a large network I have seen sys admins push this out to a day or more. If your sites are cascaded in AD then it can blow out even longer.

Read only domain controllers (RODC) can mess this up even more because they do not replicate all a user objects attributes but rely on the client retrieving some data from a writeable Domain Controller (DC). If this is out of date or timing out because the DC is at a different site it can cause the sort of problems you are having.

The other thought is user objects are not tied to a specific site in AD, only things that pick up an IP address (and DC's, but they have an IP anyway). It would be common to move students to a new Organizational Unit (OU) that represents the new site and then this change is replicated to the DC in the other sites. Knowing this you can trace back to see which attributes are being used in your JSS and manually check to see if that data has made it to the DC your JSS is querying.

Hope this helps.

Regards
Graeme

0 Kudos