stackoom
  简体   繁体   中英

Performance issues in connecting to AD using Global catalog

 原文  2012-04-13 17:42:12       c#/ active-directory/ ldap

Question

I faced performance issues to connect to active directory using Domain Catalog approach then a friend advised me to use the Global Catalog approach but I faced higher performance issues I did make a proof-of-concept and then using

Example 1 : using domain catalog 

DirectoryEntry de = new DirectoryEntry();

de.Path = "LDAP://DomainName.CORP.COM";
de.Password = "UserPassword";
de.Username = "UserName";

DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;

deSearch.ClientTimeout = new TimeSpan(0, 0, 60);

deSearch.SearchScope = SearchScope.Subtree;
string format = "(&(objectClass=user)(sAMAccountName="+InputUserName+"))";
deSearch.Filter = string.Format(format, UserName);

It took about 1 second

Example 2 : using Global Catalog with unsecured port (3268): 

de.Path = "GC://CORP.COM:3268";

it took 6 seconds

Example 3 : using Global Catalog with secured port (3269): 

de.Path = "GC://CORP.COM:3269";

It took 38 seconds

Can you help me how can I solve performance issues using secured Global Catalog approach as you see it took much time ?

By the way I found at the following article : http://support.microsoft.com/kb/951581 the we can solve performance issues by work around to disable paged query but I do not know how I implement that ?

Your feedback will be highly appreciated

2 answers

solution1
 0  2012-04-13 19:29:12

The SSL issue is likely related to checking cert revocation or something along that line.

What version of Windows are your DCs running?

solution2
 0  2012-12-31 16:10:21

It's difficult to tell what your final goal is here, but judging by your code, it looks like you're just trying to authorize a user, and then maybe retrieve their properties as well?

If this the case, you really don't have to use Global Catalog syntax. I'd suggest using the standard Domain Catalog syntax, and the lower level System.DirectoryServices libraries.

I spent a couple weeks digging into a very similar performance issue when connecting\\authorizing\\searching Active Directory over SSL, and you can find the ticket here :

Set callback for System.DirectoryServices.DirectoryEntry to handle self-signed SSL certificate?

Hopefully this will get you going in the right direction.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Search in global catalog of AD Forest Active Directory search of Global Catalog When Using Sys.AD.AM .Net 3.5 Class Performance issues with the existing coding approach using global :: keyword How to search for users in Global Catalog within AD forest with multiple trees Using global catalog in a ldap search with C# library Novell thumbnailPhoto not getting in case of Global Catalog Error handling - global error catalog? Connecting to Azure AD api using graph with an WPF application Performance issues when using C# attributes? QueueUserWorkItem() performance issues using Mono C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM