
When does the Endpoint Agent query the AD server for User Group resolution


Article ID: 160197


Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symantec Data Loss Prevention (DLP) Endpoint

The Endpoint Agent queries the Active Directory (AD) Server to resolve user groups for policies that target User Groups.
How often does the Endpoint Agent query the AD Server?

Resolution

The Endpoint Agent queries the AD Server every time the edpa process starts. If the user shuts down their machine every night, the server is queried when the machine is restarted.

If the Endpoint Agent stays up for seven days (the default), the agent queries the AD Server again. This value is configurable in the Advanced Agent Settings.

If the Endpoint user connects via VPN, the agent may not be able to reach the AD Server at startup, because the edpa process starts before the machine can connect to the AD Server. In this case, the agent attempts to use the grp.ead file at startup, and attempts the query again at the seven-day mark and beyond.

If there is no grp.ead file, and the Endpoint Agent cannot connect to the AD Server, the Endpoint Agent will treat the user as if they are in no group.
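The following is an added example, not Symantec's code: a small model of the behaviour described above that flags endpoints whose users would currently be treated as in no group, so User Group policies would not apply to them. The inventory records and field names are constructed, and the model assumes a query succeeds whenever AD is reachable at the attempt time and that attempts recur at every interval after startup.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

REFRESH_INTERVAL = timedelta(days=7)  # default from the article; configurable

@dataclass
class Endpoint:                      # hypothetical inventory record
    name: str
    edpa_started: datetime           # last start of the edpa process
    ad_reachable_from: Optional[datetime]  # when AD became reachable (None = never)
    has_grp_ead: bool                # grp.ead file present on the endpoint

def group_source(ad_reachable: bool, has_grp_ead: bool) -> str:
    """Decision the article describes for a single query attempt."""
    if ad_reachable:
        return "ad"
    if has_grp_ead:
        return "grp.ead"
    return "no-group"                # user is treated as in no group

def attempts(ep: Endpoint, now: datetime,
             interval: timedelta = REFRESH_INTERVAL) -> List[Tuple[datetime, str]]:
    """Query attempts at edpa start and at each interval mark up to `now`."""
    out, t = [], ep.edpa_started
    while t <= now:
        reachable = ep.ad_reachable_from is not None and ep.ad_reachable_from <= t
        out.append((t, group_source(reachable, ep.has_grp_ead)))
        t += interval
    return out

def effective_source(ep: Endpoint, now: datetime) -> str:
    """Source in effect at `now`: the result of the most recent attempt."""
    history = attempts(ep, now)
    if not history:
        raise ValueError("now is earlier than the edpa start time")
    return history[-1][1]

def unresolved(fleet: List[Endpoint], now: datetime) -> List[str]:
    """Names of endpoints where User Group policies currently match nobody."""
    return [ep.name for ep in fleet if effective_source(ep, now) == "no-group"]

# Constructed sample fleet: one LAN desktop, two VPN laptops (VPN up after edpa).
START = datetime(2024, 1, 1, 8, 0)
FLEET = [
    Endpoint("desk01", START, START - timedelta(hours=1), False),
    Endpoint("vpn01", START, START + timedelta(minutes=5), True),
    Endpoint("vpn02", START, START + timedelta(minutes=5), False),
]
```

In this model `vpn02` stays unresolved until the seven-day attempt, which is the gap a shorter refresh interval or a pre-existing grp.ead file closes.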