If Directory Synchronization against Active Directory is enabled, Encryption Management Server regroups internal users against Active Directory every 6 hours by default.
After changing the domain controller that Encryption Management Server uses for directory synchronization, regrouping may take much longer.
To check how long regrouping is taking, from the administration console:
Symantec Encryption Management Server 3.4.2 and above.
Some domain controllers can be many times faster or slower than others. In a large environment this can mean the difference between regrouping taking a few hours and taking days.
Regrouping performance depends on the number of requests that the domain controller must service and on the network latency of the connection from Encryption Management Server.
If performance is very slow, using a domain controller that is physically close to Encryption Management Server is a good starting point.
Pointing Encryption Management Server to a Read-Only Domain Controller (RODC) may provide improved performance, especially if the RODC is lightly used.
In addition, some organizations may use a load balancer to ensure optimum distribution of requests to a pool of domain controllers. Pointing Encryption Management Server to the address of such a load balancer, if one is available, may offer improved performance.