We are experiencing huge load on the IQService and ending up with “Connection reset” errors for actual updates due to system initiating modify AD account request every time there is an IdentityRefresh but there is no actual updates to attributes in the modify provisioning plan for most of the Modify Account Requests.
Has anyone faced this kind of issue with Active Directory and any suggestions or recommendations to overcome this issue?
Thank you!
This is strange issue, never faced/heard. If there is no change at all, attribute requests will be filtered out.
Can you check if it is for all users or some users it is triggering repeatedly ?
Do you have Before Provisioning Rule in place, check if it has any logic that is causing this issue.
Thanks
Krish
Hi @mmatha,
Are you using High Availabiity IQ Server with load balancer? If you are using single IQServer suggest user DR IQServer with load balancer.
Thanks,
Siva.K
It could also be an update account provisioning policy that is messing with your source:
First of all find out which attribute is getting synced daily. We had faces the same issue for the account expiry and resolved it so that it did not sync .let me know by checking for which attribute then i can guide you.
Thanks
Shantanu
Check to see if “streetAddress” is being synchronized. For some reason (I’m guessing because of the datatype). This attribute seems to always be flagged as a mismatch and gets overwritten every time an attribute synch runs even if the data looks the same.
Thanks for the response!
It looks like it is triggering for all users that are created by IdN and we do not have any before provisioning rule in place.
However, we have few attributes like knownas, managername, domainsuffix in the update provisioning policy but these attributes are not getting updated on a daily basis -
I am planning to remove the attributes in update provisioning plan and see if it reduces the number of modify account requests.
I have this happen with accountExpires
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.