User Group AD Sync Job in Symantec Data Loss Prevention Fails

Article ID: 253627

Products

Data Loss Prevention

Issue/Introduction

User import from an AD source fails.

The Status column under Enforce > System > Users > Data Sources may show the data source as failed.

When checking the logs for more detail on the error, you may see the following error in the localhost logs:

SEVERE [com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask] User Synchronization failed:

Cause:

com.vontu.enforce.domainlayer.datauser.TooManyEntriesException: Total number of enforce logins would exceed the threshold of 500.
com.vontu.enforce.domainlayer.datauser.TooManyEntriesException: Total number of enforce logins would exceed the threshold of 500

Environment

Release: 15.x, 16.0.x

Cause

The Enforce server config folder contains an enforce.properties file. That file holds the threshold value that the AD sync job is hitting in the error above.

Example in 15.8.x: EnforceServer\15.8.00000\Protect\config\enforce.properties

# Maximum number of users AD sync feature can create. Note that enforce is known to *not* scale to more than ~50 concurrent logins.

com.vontu.manager.adroles.max_user_threshold = 500

Resolution

In the enforce.properties file, change the value of 'com.vontu.manager.adroles.max_user_threshold' to a higher value, raising it only as far as required for the AD Sync job to complete successfully.

It is OK to raise this setting as long as no more than 50 concurrent logins to the DLP Enforce console are anticipated at one time, since more than that could degrade performance.
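
Before editing the file, it helps to confirm that the failed sync was caused by this threshold and to see which value is currently configured. The following check is an added example, not Symantec or Broadcom code; the function names are hypothetical, the sample inputs are constructed from the excerpts in this article, and it assumes the key is written in the `name = value` form shown above.

```python
import re

KEY = "com.vontu.manager.adroles.max_user_threshold"
# Message format taken from the log excerpt in this article.
ERR = re.compile(
    r"TooManyEntriesException: Total number of enforce logins "
    r"would exceed the threshold of (\d+)")

# Constructed sample inputs; in practice pass the contents of
# enforce.properties and of the Enforce localhost log.
SAMPLE_PROPERTIES = """\
# Maximum number of users AD sync feature can create.
com.vontu.manager.adroles.max_user_threshold = 500
"""
SAMPLE_LOG = """\
SEVERE [com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask] User Synchronization failed:
com.vontu.enforce.domainlayer.datauser.TooManyEntriesException: Total number of enforce logins would exceed the threshold of 500
"""

def read_threshold(properties_text):
    """Return the configured threshold as an int, or None if the key is absent."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # skip blanks and .properties comments
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == KEY:
            value = int(val.strip())      # assumption: the last occurrence wins
    return value

def thresholds_hit(log_text):
    """Return the sorted distinct thresholds reported by failed sync runs."""
    return sorted({int(m.group(1)) for m in ERR.finditer(log_text)})

def diagnose(properties_text, log_text):
    """Relate the logged failure to the value currently in enforce.properties."""
    configured = read_threshold(properties_text)
    hit = thresholds_hit(log_text)
    if not hit:
        return "no TooManyEntriesException in log"
    if configured is None:
        return f"sync failed at threshold {hit[-1]}; {KEY} not set in file"
    if configured > hit[-1]:
        return f"threshold already raised to {configured}; logged failures used {hit[-1]}"
    return f"sync blocked by {KEY} = {configured}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_PROPERTIES, SAMPLE_LOG))
```

A result of "threshold already raised" means the log entries predate the edit, or the server is still running with the old value.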