Optimizing Search Performance
Microsoft® Windows® 2000 Scripting Guide
Optimizing a search operation requires knowledge of Active Directory to construct efficient query strings and an understanding of performance-related properties of the Command object. A search operation is also affected by how efficiently you use objects in a script.
Consolidating Query Strings
When writing a script that performs many search operations, consider consolidating the search operations. For example, write a query that returns a result set containing multiple attributes rather than create two separate queries that return attributes from the same object. Consolidating search operations reduces the load placed on the domain controller or domain controllers servicing the search request.
Limiting the Result Set
Narrow the scope of your search operation as much as possible. For example, if you want a result set containing all objects in an OU but you are not concerned about objects outside the OU, specify a search base that starts in the container you want to search. Also, if you are interested only in the objects within the OU but not child containers of the OU, limit the scope of the search to onelevel.
Use search filters to further narrow the search. For example, specify (objectCategory=class type), where class type is the type of object you want in the result set. Also, use objectCategory rather than objectClass because objectCategory is single-valued and ideal for servicing search requests. Unlike the objectClass attribute, objectCategory is replicated to the Global Catalog and indexed.
Specify filters, such as (cn=SEA*), so that the result set is limited to objects beginning with the letters SEA. However, if you do use the * wildcard, use it only at the end of the string. Specifying the wildcard at the beginning or in the middle of a value requires more processing on the domain controller servicing the request.
Combine filters to further refine the search. For example, the following filter limits a search to all computer objects starting with SEA:
(&(objectCategory=computer)(cn=SEA*))
You can also limit the number of entries returned by a multivalued attribute containing many entries by specifying a range limit. For an example of how to implement range limits in a search operation, see Listing 5.36 in "Searching Active Directory" earlier in this chapter.
Specifying Additional Command Object Properties
Certain Command object properties control various aspects of the search operation. These properties are especially useful for handling large result sets. Table 5.4 shows some of the options of the Command object that control a search operation.
Table 5.4 Options for Improving Performance for Large Result Sets
Option |
Description |
Default |
Syntax |
|---|---|---|---|
Page Size (paging) |
Instructs the domain controller to process a certain number of records and return them to the client before continuing the search. |
Disabled |
where Records is the number of records the domain controller should return before continuing the search. |
Size Limit |
Specifies the size of the result set. If the server reaches the size specified by the Size Limit property, the result set is returned to the client and the search operation is considered complete. |
1,000 records |
where Records is the number of records the domain controller should return before completing the search. The default size limit of a search is 1,000 records. |
Time Limit |
Specifies the time that the domain controller will search before returning a result set. If the server reaches the time limit, the search is ended. |
None |
where Time is the maximum amount of time (in seconds) that the domain controller should perform a search operation. |
Timeout |
Specifies the amount of time the client waits for a result set before terminating the search request. |
None |
where Timeout is the maximum amount of time (in seconds) that the client waits before terminating a search request. |
Cache Results (caching) |
Specifies whether the result set should be cached to the client. For very large result sets, disabling caching will reduce memory consumption on the client. |
True |
If set to False, caching is disabled. If set to True, caching is enabled. |
Asynchronous |
Specifies whether the server should send a result set a record at a time (asynchronously) or wait until the search operation completes (synchronously). |
False |
If set to True, results are sent asynchronously. If set to False, results are sent synchronously. |
See the ADSI task-based chapters in this book for script examples that use filter combinations, range limits, and properties of the Command object to complete object-specific search operations.
Using the Global Catalog to Perform Search Operations
When all attributes in a search operation are contained in the Global Catalog, use the GC prefix in the search base rather than LDAP. This is especially important when you want to return a result set from more than one domain. If you use the Global Catalog, a single domain controller can service the request. If you do not use the Global Catalog, you must enable referral chasing to get a complete result set from multiple domains. Referral chasing is not efficient and should be avoided whenever possible.
If you need to sort a result set, sort on attributes that are both indexed and in the Global Catalog. For information about how to determine which attributes are in the Global Catalog and are indexed, see "Active Directory Architecture" later in this chapter.
Minimize Object Creation (Instantiation)
Create a Connection object only once, and reuse it in the same script. Do not clear the Connection object from memory until you have completed all operations that use it. This rule also applies to other types of objects. For example, if you bind to an object in Active Directory, do not bind again to the object in the same script. Instead, reuse the object that is already in memory.