Endpoint User Group Lookup Fails - User Belongs to No Group
search cancel

Endpoint User Group Lookup Fails - User Belongs to No Group

book

Article ID: 159713

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

An Endpoint Policy uses Active Directory for targeting user groups.  What happens when the Endpoint agent is unable to connect to the server because the agent machine is off the corporate network?

Resolution

Active Directory information is cached at the Endpoint.  If a user is disconnected, then we used the cached AD information.  The only time there would be a problem is if we are never able to connect to the AD server. If the User Groups are not available because they never connected in the Detection Request when needed, it is treated as if the User belongs to no groups and processing continues as normal. If the agent does not ever restart, it would re-ping AD for the current group information every seven days. The default value of seven days is configurable.

 

Additional Information

Additional information on how the agent is performing AD checks can be found here When does the Endpoint Agent query the AD server for User Group resolution (broadcom.com).