Re: vCenter / Active Directory user group sync

JudgementDay · ‎10-12-2020

VCSA 6.7 U3

Hi. I have the VCSA joined to AD via Integrated Windows Authentication. Synchronization of group membership from Active Directory to the VCSA is very slow - approx. 50 minutes.

For example, I add a user to the 'Full Admin' AD group. It will take approximately 50 minutes for AD/VCSA to sync and grant the full admin permissions on user login.

NTP is configured for the ESXi hosts / Domain Controllers / VCSA and I've verified all are consistent.

Is there a value somewhere set for the AD/VCSA sync?

Is there a way I can force the sync ?

Thanks in advance.

msripada · ‎10-13-2020

This is expected .. Only way is by restarting VCSA

thanks,

MS

Lalegre · ‎10-18-2020

Hey JudgementDay,

I recommend you to switch to Active Directory over LDAP as this Integrated Authentication will be deprecated in the following versions: vSphere 7 - Integrated Windows Authentication (IWA) Deprecation - VMware vSphere Blog

Try to change the method before configuring everything so in the future will be easier.

All

vCenter / Active Directory user group sync