Symantec Access Management

  • 1.  How often should XPSSweeper be run?

    Posted Sep 17, 2014 07:05 AM

    The default value for the AutoSweep parameter, which invokes XPSSweeper, is once per week. But as per the CA document, CA recommends running it once every 24 hours.
    If the XPSSweeper utility does not run often enough, the Policy Server could have trouble starting. Too many tombstone objects in the policy store produce the following error:
    LDAP_SIZELIMIT_EXCEEDED
    If you are importing objects by using the SDK, you should run XPSSweeper after every import to synchronize legacy objects with XPS objects.
    It is not recommended to run XPSSweeper more frequently than every two hours, even when scheduled, because of PS cache updates, and it can impact performance.

    In conclusion, there is no magic number and it depends on your environment:
    After each SDK management script run, to synchronize legacy and XPS objects.
    Once a week.
    Not more than every 2 hours, as it can impact performance.



  • 2.  Re: How often should XPSSweeper be run?

    Posted Sep 25, 2014 05:11 AM

    Well, thanks Julien for the tip.

     

    Just to add to what Julien has pointed out: it's not only the Java SDK. You should run XPSSweeper if you are importing objects by means other than the XPSTools; for example, SmObjImport also requires an XPSSweeper run.

    XPSSweeper can fix many problems.

    1. Too many tombstone objects in the store, and the PS throws LDAP_SIZELIMIT_EXCEEDED. Tombstone objects can be defined as follows: when you delete an object from the policy store through XPS Tools, the actual object gets deleted from the store but its stub still remains in the XPS store, and XPS marks it as a tombstone. The tombstone objects are automatically deleted when the housekeeping thread running in the PS invokes XPSSweeper by default. If you wish to delete them manually, you can run XPSSweeper manually.

     

    On the performance part, I would like to add to what Julien has pointed out: XPSSweeper clears out the object cache, and the PS rebuilds the object cache after every run of XPSSweeper. It's only the object caches which get rebuilt when you run XPSSweeper; there is no impact on the AZ cache and Auth cache, though.

     

    Regards

    Sandeep Khurana