1

I faced performance issues to connect to active directory using Domain Catalog approach then a friend advised me to use the Global Catalog approach but I faced higher performance issues I did make a proof-of-concept and then using

Example 1 : using domain catalog

DirectoryEntry de = new DirectoryEntry();

de.Path = "LDAP://DomainName.CORP.COM";
de.Password = "UserPassword";
de.Username = "UserName";

DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;

deSearch.ClientTimeout = new TimeSpan(0, 0, 60);

deSearch.SearchScope = SearchScope.Subtree;
string format = "(&(objectClass=user)(sAMAccountName="+InputUserName+"))";
deSearch.Filter = string.Format(format, UserName);

It took about 1 second

Example 2 : using Global Catalog with unsecured port (3268): 

de.Path = "GC://CORP.COM:3268";

it took 6 seconds

Example 3 : using Global Catalog with secured port (3269): 

de.Path = "GC://CORP.COM:3269";

It took 38 seconds

Can you help me how can I solve performance issues using secured Global Catalog approach as you see it took much time ?

By the way I found at the following article : http://support.microsoft.com/kb/951581 the we can solve performance issues by work around to disable paged query but I do not know how I implement that ?

Your feedback will be highly appreciated

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Mohammed Thabet
  • 21,387
  • 7
  • 27
  • 43
  • Mine is very similar like yours, but I don't use deSearch.SearchScope = SearchScope.Subtree; Maybe you can try it without that line. – maxisam Jul 23 '12 at 16:33

2 Answers2

0

The SSL issue is likely related to checking cert revocation or something along that line.

What version of Windows are your DCs running?

Brian Desmond
  • 4,473
  • 1
  • 13
  • 11
0

It's difficult to tell what your final goal is here, but judging by your code, it looks like you're just trying to authorize a user, and then maybe retrieve their properties as well?

If this the case, you really don't have to use Global Catalog syntax. I'd suggest using the standard Domain Catalog syntax, and the lower level System.DirectoryServices libraries.

I spent a couple weeks digging into a very similar performance issue when connecting\authorizing\searching Active Directory over SSL, and you can find the ticket here :

Set callback for System.DirectoryServices.DirectoryEntry to handle self-signed SSL certificate?

Hopefully this will get you going in the right direction.

Community
  • 1
  • 1
X3074861X
  • 3,709
  • 5
  • 32
  • 45