Next Topic

Previous Topic

Book Contents

Synchronization

Synchronization refers to the updating of KDS with data harvested from an Active Directory domain. The following KDS events trigger synchronization between KDS and a domain.

  • Previews
  • Activation / Incremental Synchronization
  • Apply Changes
  • Full Synchronization

Note: A synchronization also occurs for a specified user when Enabling/Disabling Domain Users Accounts or Resetting Domain User Password.

Previews

When the KDS probe is installed, the first task the probe performs is a preview. A preview updates KDS with:

  • Summary domain data for all folders and items.

Since this is the first time data is "harvested" from a domain, only summary domain data is required.

  • Folders are domain objects that contain other objects. This can refer to organizational units or containers, and groups, meaning groups of users.
  • Items can refer to computers, users and contacts.

Activation / Incremental Synchronization

After the probe is installed, —and typically before KDS policies are even set—a KDS probe is activated. Activation enables incremental synchronization between an Active Directory domain and the probe computer. An activated probe waits a fixed period of time, call the synchronization interval, before updating the VSA with these changes. By default this synchronization interval is 60 minutes. If this default value is used, these domain changes may not be reflected in the VSA up to 60 minutes after the changes are made.

Initially no KDS policies have yet been set, so no folders or items are "included", which would require a detailed harvesting of data. In this case an incremental synchronization harvests summary data from a domain that is similar to a preview, except the harvesting of data is limited to changes in the domain.

Later, when KDS policies have been set and selected folders and items are "included," synchronization requires both summary and detailed data. Again the harvesting of data is limited to changes in the domain.

Incremental synchronization provides an update of all changes to:

  • Summary domain data for all folders and items, whether "included" or "excluded"
  • Detailed domain data for all "included" folders and "included" items. Computers and contacts can be "included" individually. Users are always "included" by group.

Domain Changes Using the Incremental Synchronization Interval

Most domain changes are stored by the probe until the synchronization interval has elapsed, then uploaded to KDS. The default is 60 minutes. These types of domain changes include:

  • User added, moved or deleted
  • Computer added, moved or deleted
  • User or contact changes such as name, address, phone number, email address
  • Reorganization of the domain OU hierarchy

Domain Changes Passed Immediately

A few important domain changes need to be uploaded by the probe immediately. These include:

  • Password changes
  • Disabling a user account

Apply Changes

Synchronization also occurs when applying KDS policies, and are equivalent to a full synchronization. This ensures applied policies affect all included domain computers, users and contacts that may exist at that time, regardless of any synchronizations that may have occurred before.

Full Synchronization

The KDS probe accumulates domain changes in real time. If the connection between the KDS probe and a domain is lost for a period of time, the probe has no way to recover those changes. To ensure domain changes are not lost forever, set probe alerts and schedule a recurring full synchronization. If a probe alert is triggered, consider running a full synchronization immediately.

A full synchronization provides KDS with a complete update of domain data, including:

  • Summary domain data for all folders and items, whether "included" or "excluded"
  • Detailed domain data for all "included" folders and "included" items. Computers and contacts can be "included" individually. Users are always "included" by group.

Typically full synchronization occurs less frequently than incremental synchronization. Once a day or once a week, for example, might be sufficient.