Skip to main content

Detecting changes in AD target system using the "Enable persistent listing" option

This example shows how to configure Bravura Security Fabric to receive changes from Active Directory and AD LDS LDAP as they happen on the domain controller. This feature is only present on Active Directory DN and LDAP target systems on Lightweight Directory Services (AD LDS). It is disabled by default.

This example assumes that:

  • Bravura Security Fabric and Connector Pack installed.

  • An Active Directory target system is added as a source of profiles.

Use target system option to enable persistent listing in AD target system

  1. Log in to the front-end as superuser.

  2. Click Manage the System > Resources > Target systems > Manually defined.

  3. Select the Active Directory target system.

  4. Ensure that the Enable persistent listing box is selected.

  5. Click Update to save the change

  6. Run auto discovery using either the Manage the system module or command-line interface, which will run the Persistent Connector Service (agtsvc) on the target.

If you change which objects are listed, where objects are listed from, or which attributes are listed; for example, change the OUs to list users or groups from, complete the following additional steps:

  1. Use targetsync to synchronize the instance database state with the state of the target system.

    cd C:\Program Files\Bravura Security\Bravura Security Fabric\default\util\ targetsync.exe -target <AD_target_name>

  2. Stop discovery on the target system then use the Persistent Connector Service client program. agtsvccli , to make a new full list with the -full option

    agtsvccli.exe -startlist --targetid <AD_target_id> -full

  3. Run auto discovery using either the Manage the system module or command-line interface.

When persistent listing is enabled,

  • The first time the Persistent Connector Service runs, it will list all objects. Each subsequent time the service will only list changes detected.

  • If the service is stopped, upon restart it will list all changes since it was stopped.

  • The domain controller that the service lists from can be changed without losing data.

  • If a full list to reload all data must be redone, this can only be accomplished using the -full option with the Persistent Connector Service client program, agtsvccli.

In this section: