Logon on Enterprise Management Console is delayed


Article ID: 7015


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


Customer add new AD server. 

So, he change AD server setting in ac-dir.xml from old machine to new machine. 

And then he has met the delayed login problem. when he login via ENTM console, it takes 50-65 seconds. 



Customer defined many customized Role and following many ActiveDirectory group at Member rule in each Roles:



  <Group name="CN=ADGROUP001,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP002,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP003,CN=Users,DC=testAD,DC=local"/> 


  <Group name="CN=ADGROUP098,.... 



When user login to ENTM server, PIM search role and check user has which role. 

It takes long time for searching. So, login is delayed. 



OS: Windows AllProd: CA Privileged Identity Manager r12.8 CF2 for SAM or later CDB: MS SQLServer or ORACLE User Store: Active Directory


Create Container group for each Role's member.

for Example, 


  + ADGROUP001

  + ADGROUP002

  + ADGROUP003


  + ADGROUP098


And Member rule defined as following:


  <Group name="CN=GGroup1,CN=Users,DC=testAD,DC=local"/>