Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-5677: Performance enhancement on Centrify Suite 2015.1 (DirectControl 5.2.3)

Authentication Service ,  

12 April,16 at 11:46 AM


What is the major performance enhancement
on Centrify Suite 2015.1 (DirectControl 5.2.3)?


Prior to Centrify Suite 2015.1, Centrify DirectControl agent (adclient) keeps an acquisition timestamp for the group object itself, and another timestamp for the members. The membership expiration is strictly depends on its own timestamp. Once the cache expired, we process to refresh the group memberships in background and perform this for every group. This may consider as extra loading for domain controller as most of AD groups were not changed frequently.

Starting from Suite 2015.1, we have optimized the procedure to refresh the group membership information in the local cache. When Centrify DirectControl agent (adclient) tries to refresh group membership in cache, we check the usnChanged for the target group and all sub-groups before traverse the group tree.  If none of subgroup shows any change, this implies the membership is up to update. We simply update the acquisition timestamp for the cached object. This optimization mainly helps the performance when there is NO group membership changed. In the case where group membership has changed, the performance should be similar as previous release.