Grouping Changes in Active Directory group membership take hours to update PGP Encryption Server
search cancel

Grouping Changes in Active Directory group membership take hours to update PGP Encryption Server

book

Article ID: 222563

calendar_today

Updated On: 05-09-2025

Products

Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Changes in Active Directory group membership are not reflected on the PGP Encryption Server immediately.  Making some of the changes for Grouping may take some time depending on different variables at play.

If the Grouping operation is taking longer than is acceptable, please reach out to Broadcom Encryption Support for guidance and we can work with you to speed up these groupings. 

Environment

PGP Encryption Server (Symantec Encryption Management Server) 10.5 and above.

Resolution

PGP Encryption Server synchronizes with Active Directory every 21,600 seconds (6 hours) by default. To confirm this setting, ssh to the server and run the following command:

Note that in a clustered environment only one cluster member will perform the synchronization with Active Directory each time it runs.

If you wish to always synchronize more frequently you can edit the prefs.xml file and change the periodic-scan-interval to a lower value. For assistance making these changes, please reach out to Broadcom Encryption Support and we can work with you on this operation.

Additional Information