Environment
Directory and Resource Administrator 8.6x
Situation
In some large Active Directory Domains managed by Directory and Resource Administrator have large numbers of group membership changes. The AD Collector for DRA Reporting Services will process each group membership change during is run.
Resolution
Starting with DRA 8.6 SP1, the ability exists to bypass the group membership change collection by the AD Collector. To cause the AD Collector to skip this, a new registry key and node will need to be created. The new node should be named CollectGroupMembership The node should be created at the following registry path:
For (x86) machines:
HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\Collectors\AD Collector
For (x64) machines:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mission Critical Software\OnePoint\Administration\Modules\Collectors\AD Collector
Within the new node of CollectGroupMembership create a Create a DWORD key with FQDN of domain name "ABC.com". To prevent the AD Collector from reading group membership changes, set the value of the Key to be 0. To allow the AD Collector to read group membership changes, delete the new key or set the value to 1.
After applying this key, restart the NetIQ DRA Core Service.
Cause
In large AD Domains the number of group membership changes can cause the AD Collector to run for an extended amount of time. This can cause the AD Collector to timeout before collecting all AD data. Using the updated registry key allows the AD collector to skip collecting the group membership changes. This will allow the AD collector, for large AD Domains, to complete much sooner.
Additional Information
This updated key must be added to ALL DRA Servers. This key is not replicated as a part of the normal DRA Mutli Master Set Sync.