By default, QuantaStor caches Active Directory user names and associated Unix user and group IDs (UID/GID) information within the service. It enables you to quickly search for users and groups and assign storage share access by clicking on the User Access tab in the Modify Network Share dialog box (Figure 1).

Figure 1

When adding new users or groups to your Active Directory environment be sure to update the QuantaStor cache so that the new users show up in the user list. To do this, choose the “Search & Clear Cache” option forcing the QuantaStor service to refresh the cache of users and their associated UID/GID mappings (Figure 2).

 Figure 2

Active Directory Caching for Large Enterprise Deployments

For large Active Directory environments (10K to 100K+ users and groups), it can take time for QuantaStor to gather the Active Directory information and re-populate the cache. If it takes too long due to a very large number of users, the scan may time out and the in-memory Active Directory cache of information will appear empty (Figure 3).

Figure 3

As an example, for configurations with 60K users and groups, it can take almost 15 minutes to populate the cache. Therefore, an alternative approach is needed for these types of configurations. To make QuantaStor work quickly and efficiently in large environments, QuantaStor 3.15 now provides the ability to create an on-disk cache of the Active Directory user list and UID/GID mapping information that the QuantaStor service can use in lieu of scanning that information directly from Active Directory.

In this mode where the on-disk Active Directory cache is present, using the “Search & Clear Cache” option from the web user interface does not clear the on-disk Active Directory cache. It can only be created, cleared, and updated using the qs-util command line utility “adcache” commands.

To generate or create the QuantaStor service on-disk AD cache, use the following commands:

sudo qs-util adcachegenall

To clear all QuantaStor service on-disk AD cache information use these commands:

sudo qs-util adcacheclearall

The full list of on-disk Active Directory cache management commands includes:

   qs-util adcachelistfiles    : List the files in the AD cache.

   qs-util adcachegenall      : Generates AD cache of users and groups.

   qs-util adcacheclearall    : Clears AD cache of users and groups.

   qs-util adusercachegen      : Generates a cache of AD users.

   qs-util adusercacheclear    : Clears a cache of AD users.

   qs-util adgroupcachegen     : Generates a cache of AD groups.

   qs-util adgroupcacheclear    : Clears a cache of AD groups.

When new users are added to an Active Directory environment the on-disk Active Directory cache QuantaStor information will be out of date. To update the Active Directory run the following command to update all cache files: qs-util adcachegenall. To automatically update the Active Directiry cache on a nightly basis we recommended that you set up a simple cron script similar to the one below.

echo "qs-util adcacheclearall" > /etc/cron.daily/adcacheupdate

echo "qs-util adcachegenall" >> /etc/cron.daily/adcacheupdate

chmod 755 /etc/cron.daily/adcacheupdate

Categories: Active Directory, How To, QuantaStor 3.15

Tags: high performance technologies