Force Active Directory Refresh

mbartosh · September 18, 2019, 2:37pm

Is there a way to force the BES client to refresh its AD cache in C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData__Global\ADCache?

fermt · September 18, 2019, 3:00pm

Restarting the service will refresh the AD cache as I know

mbartosh · September 18, 2019, 3:22pm

Good point, and there is a fixlet to restart the BES Client service in the BES Support site.

199	TROUBLESHOOTING: Restart the BES Client Service

vnovik · September 19, 2019, 2:55am

Hello mbartosh,

The following setting might be helpful:
_BESClient_Inspector_ActiveDirectory_Refresh_Seconds
It controls a frequency of polling AD info by the BES Client

Additional details could be found here:
https://www.ibm.com/support/pages/why-isnt-active-directory-property-updating

Regards,
Vitaliy

TimRice · September 19, 2019, 3:36pm

Be VERY careful with this setting. It can cause performance issues with your clients if you set it too low. It has the default it does for a reason.

mbartosh · November 24, 2020, 8:54pm

I wonder if a client restart would be needed prior to issuing an action with relevance for a Users membership in an AD group, or does the AD group refresh when relevance is tested in an action.

TimRice · November 25, 2020, 12:25am

To ensure that the information is accurate to the second, yes, you would need to stop/start the BES Client because normally, it will only update the AD information based on the Refresh interval. My understanding is that it’s a problem of response times. The BES Client is performing activities that center around milliseconds, while responses to AD Group Membership queries can take seconds to respond. An eternity to the BES Client.

mbartosh · November 25, 2020, 9:30pm

Great answer! Thank you for the reply.