Changes in Active Directory group membership are not reflected on the PGP Encryption Server immediately. Making some of the changes for Grouping may take some time depending on different variables at play.
If the Grouping operation is taking longer than is acceptable, please reach out to Broadcom Encryption Support for guidance and we can work with you to speed up these groupings.
PGP Encryption Server (Symantec Encryption Management Server) 10.5 and above.
PGP Encryption Server synchronizes with Active Directory every 21,600 seconds (6 hours) by default. To confirm this setting, ssh to the server and run the following command:
Note that in a clustered environment only one cluster member will perform the synchronization with Active Directory each time it runs.
If you wish to always synchronize more frequently you can edit the prefs.xml file and change the periodic-scan-interval to a lower value. For assistance making these changes, please reach out to Broadcom Encryption Support and we can work with you on this operation.