Azure Active Directory - Poll on volume and performance of connector

Which IIQ version are you inquiring about?

Version 8.X


Hi Developer Community! I’m looking to start to look at using the Azure Connector in our environment. From a POC I did, I noticed some performance issues, but I'm not sure if it is just my environment. How many of you are using the Azure Connector to aggregate accounts in Azure Active Directory (Entra)? If you are using it, roughly how many accounts do you aggregate? Do you aggregate Daily, More than Daily, Less than Daily? Do you run Delta Aggregations, Partitioned? Most importantly, what performance do you see running the aggregation (i.e. 1K Accounts per minute, less than this, more than this)? I was seeing that it would take HOURS upon HOURS to aggregate between 40K and 50K accounts.

Hey @kevinwoodbury, how are you?

Definitely the best approach for big environments, be that DirSynced AD or Entra, is partitioning.
What I’ve done is divide by letter; that way we can have 26 partitions happening at the same time.
But you can have a better division for it.
About performance, it really depends on what features you want to manage, like Teams, Exchange Online and so on.
The main problem for me is the Group aggregation, which you can do but are not obliged to; try not to aggregate synced groups, so that you don't have duplicated groups.


All good points Ivan. The problem I ran into with the partitioning, especially with 26 of them, is that I chew up all the available aggregate partitions the system is configured for (I think I’m at 8 per server x 2 servers), so other aggregations are then put on hold. If I increase the number of partitions I then start to get Locking errors due to some very large identities we have (150+ accounts on the identities). I was more interested in the performance. What do you see for performance, i.e. with AD I can easily aggregate 25,000+ accounts in about 30 min using delta aggregations. Azure is, in my opinion, very much slower. Agree on the group aggregation as well, as yes I would definitely filter out the sync’d groups as you can’t provision to them anyway, you have to provision to the sync’d AD group.

Kevin, you can configure the Request definition to not occupy all the threads for your environment. Also, for such a medium environment you need to have more task servers and a segregation between UI and Task/Batch servers.

That way you can have, let's say, 3 or even 4 batch servers with 20 threads each, be able to better segregate your partitions, and have 1 UI for users.
That way you have all your processing happening on these 4 servers with 100 threads available for you.
Partitions are really the best way to enhance the speed of aggregation and other processing; the only point is, and this I learned from many years of practice:
Every time you run an aggregation you need to have a refresh right after it.
So basically you have a Sequential launcher task with the aggregation and the refresh right after it.
I discovered that after doing this my HR + HR refresh took less than 30 minutes to process, on an environment with 1.3mm identities where it normally took 4-5hrs. With that approach you will avoid the stacking of changes that happens on AD, Azure, SAP.

Hope these insights help you!

Best