How long does it take for DHA protection to see new e-mail addresses in Active Directory?
We added some new employees yesterday to our AD and Exchange servers and then had some external e-mails sent to them from the company doing our payroll. The DHA protection kicked in and the e-mails were bounced. When I tested the usernames in the appliance, it found them just fine. Does the DHA protection use some kind of cache that's updated periodically? I ended up having to disable DHA protection to get e-mails to come in to the new accounts without bouncing. Then, this morning, I turned it back on, and external e-mails come in just fine.
Best Answers
-
BWC Cybersecurity Overlord ✭✭✭
Hi @Trevor
Usually within one hour the LDAP users should be imported into the usermap.xml. You can find the frequency setting at 'Manage -> System Setup -> Server -> LDAP Configuration'; look at Global Configurations.
To check if your usermap.xml is current you can download it at Manage -> System Setup -> Server -> Advanced. Over here you have to browse through the Download System/Log Files Type of file, select Data Directory in the list and then usermap.xml. Super easy, convenient and user friendly to the max.
I had situations where usermap.xml was populated but DHA protection still complained, but in general it works.
Hope this helps a little.
Stay safe.
--Michael@BWC
1 -
Gailand SonicWall Employee
The frequency is hard coded to one hour. If you add users to your Active Directory, all you have to do is go to the Users section and click the button "Refresh Users & Groups" and the system will immediately poll the AD server and pull them down. This way, you do not have to wait the hour to begin using the new addresses.
To see if your usermap.xml is current, you need to go to Monitor, System Status, and look at the time listed beside "Last updated timestamp for usermap.xml:"
1
Answers
Thank you, that was very helpful!
Very good to know about the Refresh button! Thanks!
Hi @Gailand
That's interesting, what's the LDAP usermap frequency then used for?
In my experience Refresh Users & Groups does not always work as expected, but maybe it's related to OpenLDAP which is an ongoing struggle for months.
--Michael@BWC
Although I should mention that DHA protection was still blocking e-mails to the new employees several hours after they had been added. It did resolve overnight, however.