CaterhamITSupport
Member Advanced IT Monkey ✭✭✭
Dear All,
Does anyone know if there is a limit on how many AD connectors you can have in SCSM before it starts to make SCSM slow?
Kind Regards
Daniel
TERMS OF USE
AGREEMENT BETWEEN USER AND CIRESON
The Cireson Community Web Site is comprised of various web pages operated by Cireson, LLC (collectively, the web pages are referred to herein as the “Cireson Community Web Site”).
The Cireson Community Web Site is offered to you conditioned on your acceptance of the terms, conditions, and notices contained herein without modification or exception. Your use of the Cireson Community Web Site constitutes your agreement to all such terms, conditions, and notices contained in these Terms of Use.
MODIFICATION OF THESE TERMS OF USE
Cireson reserves the right to change the terms, conditions, and notices under which the Cireson Community Web Site is offered, including but not limited to the charges associated with the use of the Cireson Community Web Site upon written notice.
LINKS TO THIRD PARTY SITES
The Cireson Community Web Site may contain links to other Web Sites (“Linked Sites”). The Linked Sites are not under the control of Cireson and therefore Cireson is not responsible for the contents of any Linked Site, including, without limitation, any link contained in a Linked Site, or any changes or updates to a Linked Site. Cireson is not responsible for webcasting or any other form of transmission received from any Linked Site. Cireson is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Cireson of the site or any association with its operators.
NO UNLAWFUL OR PROHIBITED USE
As a condition of your use of the Cireson Community Web Site, you warrant to Cireson that you will not use the Cireson Community Web Site for any purpose that is prohibited by law, rule regulation or by any of these terms, conditions, and notices, including, without limitation the export of any Software or technical data to any country prohibited by law. You may not use the Cireson Community Web Site in any manner which could damage, disable, overburden, or impair the Cireson Community Web Site or interfere with any other party’s use and enjoyment of the Cireson Community Web Site. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available or provided for through the Cireson Community Web Site.
USE OF COMMUNICATION SERVICES
The Cireson Community Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, calendars, and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (each a “Communication Service,” and collectively, “Communication Services”). You agree to use the Communication Services only to post, send and receive messages and material that are appropriate, proper and related to the particular Communication Service. By way of example, and not as a limitation, you agree that when using a Communication Service, you will not:
Cireson has no obligation to monitor the Communication Services. However, Cireson reserves the right to review materials posted to a Communication Service and to remove any materials in its sole discretion. Cireson reserves the right to suspend or terminate your access to any or all of the Communication Services at any time without notice for any reason whatsoever.
Cireson reserves the right at all times to disclose any information as necessary to satisfy any applicable law, rule, regulation, legal process or governmental request, or to edit, refuse to post or to remove any information or materials, in whole or in part, in Cireson’s sole discretion.
Always use caution when giving out any personally identifying information about yourself or your children in any Communication Service. Always use caution when giving out any information concerning your employer or customers, if any. Cireson does not control or endorse the content, messages or information found in any Communication Service and, therefore, Cireson specifically disclaims any liability with regard to the Communication Services and any actions resulting from your participation in any Communication Service. Managers and hosts are not authorized Cireson spokespersons, and their views do not necessarily reflect those of Cireson.
Materials uploaded to a Communication Service may be subject to posted limitations on usage, reproduction and/or dissemination. You are responsible for adhering to such limitations if you download the materials.
MATERIALS PROVIDED TO CIRESON OR POSTED ON THE CIRESON COMMUNITY WEB SITE
Cireson does not claim ownership of the materials you provide to Cireson via the Cireson Community Web Site (including feedback and suggestions) or post, upload, input or submit to the Cireson Community Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Cireson, its affiliated companies and sublicensees permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.
No compensation will be paid with respect to the use of your Submission, as provided herein. Cireson is under no obligation to post or use any Submission you may provide and may remove any Submission at any time in Cireson’s sole discretion.
By posting, uploading, inputting, providing or submitting your Submission you warrant and represent that you own or otherwise control all of the rights to your Submission as described in this section including, without limitation, all the rights necessary for you to provide, post, upload, input or submit the Submissions.
LIABILITY DISCLAIMER
THE INFORMATION, SOFTWARE, PRODUCTS, AND SERVICES INCLUDED IN OR AVAILABLE THROUGH THE CIRESON COMMUNITY WEB SITE MAY INCLUDE INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN. CIRESON (OR ITS SUPPLIERS) MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE CIRESON COMMUNITY WEB SITE AT ANY TIME. ADVICE RECEIVED VIA THE CIRESON COMMUNITY WEB SITE SHOULD NOT BE RELIED UPON FOR PERSONAL, MEDICAL, LEGAL OR FINANCIAL DECISIONS AND YOU SHOULD CONSULT AN APPROPRIATE PROFESSIONAL FOR SPECIFIC ADVICE TAILORED TO YOUR SITUATION.
NEITHER CIRESON NOR ANY OF ITS SUPPLIERS MAKE ANY REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, AVAILABILITY, TIMELINESS, AND ACCURACY OF THE INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS CONTAINED ON THE CIRESON COMMUNITY WEB SITE FOR ANY PURPOSE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ALL SUCH INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS ARE PROVIDED “AS IS” WITHOUT WARRANTY OR CONDITION OF ANY KIND. CIRESON AND/OR ITS SUPPLIERS HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL CIRESON AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OR PERFORMANCE OF THE CIRESON COMMUNITY WEB SITE, WITH THE DELAY OR INABILITY TO USE THE CIRESON COMMUNITY WEB SITE OR RELATED SERVICES, THE PROVISION OF OR FAILURE TO PROVIDE SERVICES, OR FOR ANY INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS OBTAINED THROUGH THE CIRESON COMMUNITY WEB SITE, OR OTHERWISE ARISING OUT OF THE USE OF THE CIRESON COMMUNITY WEB SITE, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF CIRESON OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF CIRESON COMMUNITY WEB SITE, OR WITH ANY OF THESE TERMS OF USE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE CIRESON COMMUNITY WEB SITE.
SERVICE CONTACT: team@cireson.com
TERMINATION/ACCESS RESTRICTION
Cireson reserves the right, in its sole discretion, to terminate your access to the Cireson Community Web Site and the related services or any portion thereof at any time, without notice.
GENERAL
To the maximum extent permitted by law, this agreement is governed by the laws of the State of California, U.S.A. and you hereby consent to the exclusive jurisdiction and venue of courts in San Diego County, California, U.S.A. in all disputes arising out of or relating to the use of the Cireson Community Web Site. Use of the Cireson Community Web Site is unauthorized in any jurisdiction that does not give effect to all provisions of these terms and conditions, including without limitation this paragraph. You agree that no joint venture, partnership, employment, or agency relationship exists between you and Cireson as a result of this agreement or use of the Cireson Community Web Site. Cireson’s performance of this agreement is subject to existing laws and legal process, and nothing contained in this agreement is in derogation of Cireson’s right to comply with governmental, court and law enforcement requests or requirements relating to your use of the Cireson Community Web Site or information provided to or gathered by Cireson with respect to such use. If any part of this agreement is determined to be invalid or unenforceable pursuant to applicable law including, but not limited to, the warranty disclaimers and liability limitations set forth above, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the agreement shall continue in effect. Unless otherwise specified herein, this agreement constitutes the entire agreement between the user and Cireson with respect to the Cireson Community Web Site and it supersedes all prior or contemporaneous communications and proposals, whether electronic, oral or written, between the user and Cireson with respect to the Cireson Community Web Site. A printed version of this agreement and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to this agreement to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. It is the express wish to the parties that this agreement and all related documents be drawn up in English.
COPYRIGHT AND TRADEMARK NOTICES:
All contents of the Cireson Community Web Site are: Copyright 2016 by Cireson, LLC and/or its suppliers. All rights reserved.
TRADEMARKS
The names of actual companies and products mentioned herein and on the Cireson Community Web Site may be the trademarks of their respective owners.
The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.
Any rights not expressly granted herein are reserved.
NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COPYRIGHT INFRINGEMENT
Cireson respects the intellectual property of others and asks that users of the Cireson Community Web Site do the same. In connection with the Cireson Community Web Site, we have adopted and implemented a policy respecting copyright law that provides for the removal of any infringing materials and for the termination, in appropriate circumstances, of users of the Cireson Community Web Site who are repeat infringers of intellectual property rights, including copyrights. If you believe that one of the Cireson Community Web Site users is, through the use of the Cireson Community Web Site, unlawfully infringing the copyright(s) in a work, and wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to 17 U.S.C. § 512(c)) must be provided to our designated Copyright Agent:
Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by us in connection with the written notification and allegation of copyright infringement.
Designated Agent: Matthew W. Deen, Esq.
Address of Agent: 1620 Fifth Avenue, Suite 875, San Diego, CA 92101
Telephone: 619-993-8873
Fax: 888-244-8458
Email: matt.deen@cireson.com
Answers
We attempted once to have a few to break apart the sync jobs. Ending killing the entire farm. There shouldn't be a need for more then one per domain.
So having more than one will slow the system down? We do have different OU's with different accounts though. What do you think is best for this?
Thank you for the response.
Daniel
We have 97 different OU's and when we tried to break the connector out to a couple, we got SQL locks corrupting the entire system. So no slowness, it was a total rebuild. So one domain with different OU's the one connector and bring them all in.
Thank you for your advice. We have about 17 connectors AD Connectors and Email Connectors. AD Connectors approx 14. The reason we have so many connectors is to keep the user account CI down for licensing of Cireson / SCSM. I dont want to redesign our OU's but SQL is locking up like you had.
You are on danger-est ground with 14 AD connectors, we lost our entire farm due to that design it was around that number when it blew up. You can select specific assets in one AD connector by choosing specific OUs and LDAP queries. There is no user account licensing cost on both Cireson and SCSM so don't know what the is in play. For most enterprises I have seen everyone is running SA license for SCCM(MECM) and when you have that, it licenses the entire System Center suite. (I don't recall if Cireson had tiers on their license but don't think so unless it has changed)
We have 3, one for users, one for groups and one for certain computer objects. Everything is fine for us that way though.
So we have approx 14 which are pulling in user accounts from different areas AD. Is there a better way to do this?
I have managed to consolidate them down to 10 AD connectors, 6 Exchange and 1 SCCM. Any advice is appreciated. Getting a lot of errors:
The database subscription query is longer than expected. Check the database or simplify the database subscription criteria.
The following errors were encountered:
Exception message: Subscription query is taking long.
You could break your user connectors down to one and just use an LDAP filter to accomplish what you want.
But as we just import all users from our company (we only have one domain) I cannot help you in regards of LDAP
Would disabling them for now help and does disabling AD connectors affect anything other than importing new users and groups? If I disable it shouldnt affect much, even if I do this for a week to give me some time?
AD Connectors not just import new objects, they also update existing ones. So this wouldn't happen neither if you disable them.
So just checked in AD and the AD connectors are pointing to OU's with just users in. Do you know what the filter is for checking for just users and not computers?
we have it that way:
Thank you for the direction Simon, really appreciate it.
Just checking Simon, do you need to select box the users and or groups and enter what you put? Why is that greyed out (is it because the connector is already created and you cannot edit?)
Tbh I don't remember how we set it up. 🙈
But I Guess you have to select the checkbox
Thank you Simon you have been really helpful. Also thank you Brian.
Simon just to make you aware i created the ldap query like you have done above and its unchecked. When i created it, it was checked and after you cannot edit and greyed out. So you are spot on.
Hi Simon again, do you have the filter syntax for groups? Is it just change user to group?
But I guess it should be possible to combine them
Thank you Simon.
As a side note
Exception message: Subscription query is taking long.
This is not anything with the AD connector.
This is the worfklow rules running taking longer then SCSM wants.
We see these all the time, most common after a reboot while the workflows "catch up" or during an large import job overnight.
As long as you are not seeing them all day long, the and your workflows are completing your fine.
This ldap filter catches both:
(|(objectClass=user)(objectClass=group))
I have now got the connectors down to 9 and change connectors to use user filter against an OU. I have changed the group one to OU / group filter. At this moment seems better but will only know by tomorrow. Thank you everyone on here for the help so far.
We are getting these through the day was every 30 seconds. I have made the changes to the connectors which have helped from here and also unchecked groups / null now.
Also we have changed from SAS 15K disk to SSD which has helped a bit and moving to local storage.
The performance really comes down to how well the SQL farm is configured.
We are running internal SSDs for the databases. with the brokers enabled. Along with a 1 TB performance SSD for the temp db's. And even with that where the Disk response rate is less then 20ms still get some warnings about subscriptions taking too long. What you really need to monitor is how long the workflow is behind
If you run this command against the SCSM databse it will show you your workflow performance. The column to review is Minutes behind.
DECLARE @MaxState INT, @MaxStateDate Datetime, @Delta INT, @Language nvarchar(3)
SET @Delta = 0
SET @Language = 'ENU'
SET @MaxState = (
SELECT MAX(EntityTransactionLogId)
FROM EntityChangeLog WITH(NOLOCK)
)
SET @MaxStateDate = (
SELECT TimeAdded
FROM EntityTransactionLog
WHERE EntityTransactionLogId = @MaxState
)
SELECT
LT.LTValue AS 'Display Name',
S.State AS 'Current Workflow Watermark',
@MaxState AS 'Current Transaction Log Watermark',
DATEDIFF(mi,(SELECT TimeAdded
FROM EntityTransactionLog WITH(NOLOCK)
WHERE EntityTransactionLogId = S.State), @MaxStateDate) AS 'Minutes Behind',
S.EventCount,
S.LastNonZeroEventCount,
R.RuleName AS 'MP Rule Name',
MT.TypeName AS 'Source Class Name',
S.LastModified AS 'Rule Last Modified',
S.IsPeriodicQueryEvent AS 'Is Periodic Query Subscription', --Note: 1 means it is a periodic query subscription
R.RuleEnabled AS 'Rule Enabled', -- Note: 4 means the rule is enabled
R.RuleID
FROM CmdbInstanceSubscriptionState AS S WITH(NOLOCK)
LEFT OUTER JOIN Rules AS R
ON S.RuleId = R.RuleId
LEFT OUTER JOIN ManagedType AS MT
ON S.TypeId = MT.ManagedTypeId
LEFT OUTER JOIN LocalizedText AS LT
ON R.RuleId = LT.MPElementId
WHERE
S.State <= @MaxState - @Delta
AND R.RuleEnabled <> 0
AND LT.LTStringType = 1
AND LT.LanguageCode = @Language
--AND S.IsPeriodicQueryEvent = 0
/*Note: Uncomment this line and use this optional criteria if you want to
look at a specific workflow that you know the display name of*/
--AND LT.LTValue LIKE '%Test%'
ORDER BY S.State Asc
Thank you Brian, I will look into this. The SQL script has identified some work flows which are no longer needed too.
I ran the following command also and the output has some failed jobs:
Script:
SELECT
InternalJobHistoryId,
Command,
TimeStarted,
timefinished,
statuscode
FROM InternalJobHistory WITH(NOLOCK)
WHERE
TimeFinished IS NULL AND
StatusCode <> 1
order by timestarted desc
Exec dbo.p_GroomStagedChangeLogs 55270A70-AC47-C853-C617-236B0CFF9B4C, 0, , 1000
Exec dbo.p_GroomTypeSpecificLogTables
Exec dbo.p_GroomPartitionedObjects and dbo.p_Grooming
Time finished is Null
Do I need to be concerned about this?
The script also help find your periodical notification subscriptions.
(Ones where Curent workflow watermark is 0)
Those are heavy hitters depending on your work item volumn in the live DB.
We spent a good amount of effort changing those.