When Directory Synchronization is enabled, Encryption Management Server regroups all users against Active Directory every 6 hours by default. It checks whether users are still present in Active Directory. If Encryption Management Server groups are associated with Active Directory security groups, it checks whether Encryption Management Server internal users are still members of those Active Directory security groups.

Encryption Management Server also regroups all users if any group is:

1. Created.
2. Saved (with or without modification).
3. Deleted.

If Encryption Management Server contains tens or hundreds of thousands of users and regrouping is slow, this may lead to a slight performance degradation on the Encryption Management Server that is running the regrouping task.

Symantec Encryption Management Server 3.3.2 MP13 and above.

If you have not made changes, always click the Cancel button to leave the Group Settings page, rather than the Save button. This will avoid triggering a regrouping.

Ensure that Encryption Management Server has good network connectivity to any Windows domain controllers that it is configured to use for Directory Synchronization and that the domain controllers are not overloaded.