ad-server time-stamp-filter

When configuring security policies for users, user groups, or security groups on the device if AD authentication and authorization are used, you need to import users, user groups, or security groups on the AD server to the device.

Users, user groups, or security groups can be updated to the device in full update or incremental update mode. In full update mode, all users, user groups, or security groups are updated to the device. You can run the sync-mode full schedule command to enable the full update function of the AD server and set the full update time. In incremental update mode, only new users, user groups, or security groups added after the previous update are updated to the device. You can run the sync-mode incremental schedule interval command to enable the incremental update function of the AD server and configure the incremental update interval.

After the timestamp attribute filtering field is set using the ad-server time-stamp-filter command, the AD server incrementally updates users, user groups, or security groups to the device based on the field at the configured incremental update interval. The timestamp attribute filtering field can filter new users, user groups, or security groups added to the AD server after the previous update.

The timestamp attribute filtering field configured using the ad-server time-stamp-filter command must be the same as that configured on the AD server; otherwise, users, user groups, or security groups cannot be updated to the device incrementally.

To enable the incremental update function, run the sync-mode incremental schedule interval command.