Active Directory Integration – How it works

Steve Rachui wrote a great post on this – which goes a little deeper than some of the other documents and blogs presently out there:

I want to add one comment:

Q:  “How often does the agent poll active directory if it doesn’t find policy when the machine first joins the domain?”

A:  The agent will poll AD to look at the SCP’s referenced above, when the Healthservice first starts up.  Then – it will poll, by default, every hour from that point forward, looking in AD to see if it has information about management groups to join.

So – the RMS runs the AD assignment rules once per hour to update AD containers…. and the agent checks those containers once per hour.  Theoretically – the maximum time from when you add an agent assignment rule, to the time the agent picks this up – should be 2 hours.  Sometimes it can take a little longer, due to a modification of an assignment rule on the MS is really a delete action, then a write action.

The time interval that an agent inspects AD for policy is configurable as well:


Create a DWORD value named “ADPollIntervalMinutes” to the period you wish for the healthservice to check AD for new config.  Without setting this key yourself it defaults to 60 (minutes).

Comments (0)