By default, all registered domains are automatically synchronized with Active Directory every 3 hours. You can also synchronize on demand.
About this task
Through the vSphere Web Client UI, you can perform a force sync for Active Directory domains. A periodic sync is automatically performed once a week, and a delta sync every 3 hours. It is not possible to selectively sync sub-trees through the UI.
With NSX 6.4 and later it is possible to selectively sync active directory sub trees using API calls. The root domain cannot have any parent-child relationships and must have a valid directory distinguished name.
/api/1.0/directory/updateDomainhas an options to specify the folder under root domain. And there is an option to perform a force update
private boolean forceUpdate.
/api/directory/verifyRootDN. Verify that the list of rootDN doesn't have any parent-child relationships. Verify each rootDN is a valid active directory distinguished name.
- In the vSphere Web Client, navigate to .
- Click the Domains tab, and then select the domain to be synchronized.
Any changes made in Active Directory will NOT be seen on NSX Manager until a delta or full sync has been performed.
- Select one of the following:
Perform a delta synchronization, where local AD objects that changed since the last synchronization event are updated
Perform a full synchronization, where the local state of all AD objects is updated