Advanced Configuration

this document outlines advanced configuration techniques and troubleshooting steps for activate security group compliance manager (sgcm) it is intended for administrators and engineers managing complex or high scale environments advanced configuration sgcm offers flexible configuration options to extend monitoring scope, integrate with other activate products, and fine tune event processing extending the schema the default sgcm connector schema can be extended to include additional active directory attributes this allows organisations to monitor and respond to changes beyond the standard set to extend the schema open activate studio navigate to resources > active directory locate and edit the schema parameter add a new column definition using the following format \<column name="extensionattribute1" type="varchar(256)" default="''" /> after editing the schema, run the regenerate schema task to apply changes, then reimport data using the import workflow adjusting polling and event sensitivity sgcm’s polling frequency and event thresholds can be adjusted to balance performance and responsiveness parameter description default connector polltime sets how often the orchestrator checks for changes (in seconds) 600 maxchanges limits the number of rows processed per cycle 0 (unlimited) retry/timeout defines how long failed changes should be retried +2 days for high change environments, consider increasing connector polltime or setting maxchanges to a practical limit event handler customisation event handlers can be customised to include additional logic, such as department specific alerts or dynamic role lookups example department based notification \<events> \<update> \<notify> \<users>=//roles/departments/%=//current/department%\</users> \<message> \<subject>departmental group change detected\</subject> \<body>\<!\[cdata\[ a change to group membership was detected in the %=//current/department% department object %=//current/displayname% ]]>\</body> \</message> \</notify> \</update> \</events> performance tuning to optimise sgcm performance run the fullworkflowwithgroups workflow at intervals suitable for your environment avoid unnecessary attribute monitoring by disabling the @monitor flag on low priority columns regularly clean up historical compliance data using scheduled maintenance tasks ensure the activate orchestrator service has sufficient memory and processing capacity common issues and solutions issue possible cause resolution polling not running orchestrator service stopped or misconfigured confirm activate orchestrator is running and parameters are correctly set no ad changes detected incorrect domain controller or missing permission verify the connector adserver parameter and ensure the account has replicate directory changes permission import fails or incomplete schema mismatch regenerate schema and reimport ensure new attributes exist in both ad and the connector schema slow processing high change volume or low system resources increase connector polltime or optimise database performance duplicate notifications multiple workflows configured for same event review event definitions to avoid overlapping connector events configurations diagnostic tools use the following methods to diagnose sgcm issues activate logs – review orchestrator logs for event and workflow errors connector data view – inspect pending or failed change rows under resources > active directory audit history – check the audit log for recorded remediation actions or notifications sql queries – analyse connector tables to verify import status or object counts maintenance recommendations to maintain long term stability and accuracy perform a full reimport after significant ad structural changes archive or purge historical connector data regularly verify background polling workflows weekly schedule periodic restarts of the activate orchestrator during maintenance windows escalation and support if internal troubleshooting does not resolve the issue collect relevant log files from the activate orchestrator export event configurations from the affected domain resource contact your activate support representative with the error details, workflow configuration, and orchestrator logs summary advanced configuration allows sgcm to adapt to diverse organisational structures and compliance requirements with proper schema management, performance tuning, and event customisation, sgcm ensures continuous, accurate, and efficient monitoring of active directory environments