It is taking hours for changes to a user's Security Group membership in Active Directory to be reflected in the user's Symantec Encryption Management Server Group membership.
Note that when regrouping starts, the following entry is logged to the Reporting / Logs / Groups log in the admin console:
GROUPPERIODIC: Starting periodic regrouping of all consumers
In release 3.4.1 MP2 and above, when regrouping completes, the following entry is logged:
USERQUEUE: Completed periodic regrouping of all consumers
By default, Encryption Management Server sychronizes with Active Directory 6 hours (21,600 seconds) after the previous regrouping has completed.
Encryption Management Server 3.3 and above.
Regrouping can take many hours if some or all of the following conditions are true:
There are several ways of improving the speed of regrouping:
Often, only one or two Encryption Management Server Groups need to be synchronized more quickly than usual. To synchronize the members of a specific Encryption Management Server Group with Active Directory, do the following: