Logon on Enterprise Management Console is delayed

Document ID : KB000007015
Last Modified Date : 14/02/2018
Show Technical Document Details

Customer add new AD server. 

So, he change AD server setting in ac-dir.xml from old machine to new machine. 

And then he has met the delayed login problem. when he login via ENTM console, it takes 50-65 seconds. 


OS: Windows AllProd: CA Privileged Identity Manager r12.8 CF2 for SAM or later CDB: MS SQLServer or ORACLE User Store: Active Directory

Customer defined many customized Role and following many ActiveDirectory group at Member rule in each Roles:



  <Group name="CN=ADGROUP001,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP002,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP003,CN=Users,DC=testAD,DC=local"/> 


  <Group name="CN=ADGROUP098,.... 



When user login to ENTM server, PIM search role and check user has which role. 

It takes long time for searching. So, login is delayed. 



Create Container group for each Role's member.

for Example, 


  + ADGROUP001

  + ADGROUP002

  + ADGROUP003


  + ADGROUP098


And Member rule defined as following:


  <Group name="CN=GGroup1,CN=Users,DC=testAD,DC=local"/>