Active Directory Integration – How it works


Steve Rachui wrote a great post on this - which goes a little deeper than some of the other documents and blogs presently out there:


http://blogs.msdn.com/steverac/archive/2008/03/20/opsmgr-ad-integration-how-it-works.aspx


I want to add one comment:


Q:  "How often does the agent poll active directory if it doesn't find policy when the machine first joins the domain?"


A:  The agent polls AD to look at the SCPs referenced above when the HealthService first starts up.  From that point forward it polls, by default, every hour, looking in AD to see if there is information about management groups to join.


So - the RMS runs the AD assignment rules once per hour to update the AD containers, and the agent checks those containers once per hour.  Theoretically, the maximum time from when you add an agent assignment rule to the time the agent picks it up should be 2 hours.  Sometimes it can take a little longer, because a modification of an assignment rule on the MS is really a delete action followed by a write action.


The interval at which an agent inspects AD for policy is configurable as well:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager


Create a DWORD value named “ADPollIntervalMinutes” under this key and set it to the period, in minutes, at which you want the HealthService to check AD for new config.  If you do not set this value yourself, it defaults to 60 (minutes).
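
One way to script this setting on an agent, as an added example that is not from the original post or from Steve's: the key path, value name and 60-minute default are the ones given above, while the function names, the 1 to 1440 range check and the optional service restart are assumptions.

```powershell
# Added example. Key path and value name come from the post; everything else is illustrative.
$KeyPath        = 'HKLM:\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager'
$ValueName      = 'ADPollIntervalMinutes'
$DefaultMinutes = 60   # default the post states when the value is absent

function Get-ADPollInterval {
    # Report the effective interval and whether it is explicit or the default.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{ Minutes = [int]$item.$ValueName; Source = 'Registry' }
    } else {
        [pscustomobject]@{ Minutes = $DefaultMinutes; Source = 'Default' }
    }
}

function Set-ADPollInterval {
    param(
        # Range bounds are an assumption for sanity checking, not a documented limit.
        [Parameter(Mandatory)][ValidateRange(1, 1440)][int]$Minutes,
        [switch]$RestartService
    )
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Key not found: $KeyPath (is the agent installed on this machine?)"
    }
    # -Force overwrites an existing value; DWord is the type the post specifies.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Minutes -Force |
        Out-Null
    if ($RestartService) {
        # The agent polls AD when the HealthService starts, so a restart forces a check now.
        # Whether a restart is needed for the new interval to take effect is an assumption.
        Restart-Service -Name HealthService
    }
    Get-ADPollInterval
}

# Usage (run elevated): show the current setting, then poll every 30 minutes.
Get-ADPollInterval
Set-ADPollInterval -Minutes 30 -RestartService
```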
