locked
Should i supply a server name when querying AD? RRS feed

  • Question

  • User-925100698 posted
    I know i can supply a server name with my base, eg: <ldap:// <servername> /Base DN> But the question is, does this help, or should i just let AD figure out what server to go talk to?
    Wednesday, April 8, 2009 3:25 PM

Answers

  • User1191518856 posted

    Although I haven't measured the difference between a server bind and serverless bind, I'd put my money that it is neglectable. There are other factors with DirectoryServices that impact performance much more, such as the attributes you're fetching, whether you keep an open connection to RootDSE and such.

    In fact, I wasn't aware of the ADS_SERVER_BIND flag, and in some of my apps, I'm doing heavy operations using server bind (and not using this flag), and I haven't experienced any "unnecessary network traffic".

    Ryan Dunn elaborates a bit on this subject here: http://directoryprogramming.net/forums/permalink/3902/3929/ShowThread.aspx#3929

    A good rule of thumb; don't start optimizing unless you have problems with performance. Most likely, it will not be the server vs serverless bind that kills your app. There are a million other factors in ASP.NET that have a higher impact on performance.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 15, 2009 3:47 AM

All replies

  • User-1001485597 posted

    it is required to supply the DC so that the codes know which DC you're searching for

    Wednesday, April 8, 2009 4:09 PM
  • User-925100698 posted

    it is required to supply the DC so that the codes know which DC you're searching for

    That is not true. I can leave the server name out, and the magic of AD will figure out where to get the info from, as long as i have a valid DN for the domain i am on.
    Wednesday, April 8, 2009 5:53 PM
  • User1191518856 posted

    The server name is optional, indeed. A good reason why you don't want to hard-code the name for a DC is that you will be dependent on this very machine. If this server is under a heavy load, or if it is down, your app will act slow or even stop.

    I would advise you to leave out the server name - unless you're modifying objects which you want to read back for verification. As there is a small delay in replication between DCs, you may get strange behavior if you modify an object on one DC, and read back the object from another DC - before the changes have been propagated correctly. In these [modifying] scenarios, I tend to bind to a specific DC.

    Then again, you wouldn't need to hard-code the name of the DC. You can extract it from your initial query, and then make sure all your subsequent calls use the name of the DC that you received in your first call.

    But as long as you're only doing reads, I wouldn't bother specifying a name for the DC.

    Monday, April 13, 2009 5:54 PM
  • User-925100698 posted
    thanks, Johram, that's a really good point about not knowing what server you are reading from, after doing writes, and with a load balancer, that would make it all that more complicated, but lucky for me i'm not doing any writing. What i'm really looking for is a recomendation as to performance impact. I saw this note on http://msdn.microsoft.com/en-us/library/aa772247(VS.85).aspx about the fact that i should be setting the ADS_SERVER_BIND flag when i specify a server, otherwise i may experience extra network traffic. So that made me wonder: should I ever specify a server? So are there performance benefits to specifying it that anyone knows about? or in a properly configured AD environment (in which i wouldn't be going cross country to satisfy queries) is it better to just omit it for read only operations?
    Tuesday, April 14, 2009 6:00 PM
  • User1191518856 posted

    Although I haven't measured the difference between a server bind and serverless bind, I'd put my money that it is neglectable. There are other factors with DirectoryServices that impact performance much more, such as the attributes you're fetching, whether you keep an open connection to RootDSE and such.

    In fact, I wasn't aware of the ADS_SERVER_BIND flag, and in some of my apps, I'm doing heavy operations using server bind (and not using this flag), and I haven't experienced any "unnecessary network traffic".

    Ryan Dunn elaborates a bit on this subject here: http://directoryprogramming.net/forums/permalink/3902/3929/ShowThread.aspx#3929

    A good rule of thumb; don't start optimizing unless you have problems with performance. Most likely, it will not be the server vs serverless bind that kills your app. There are a million other factors in ASP.NET that have a higher impact on performance.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 15, 2009 3:47 AM
  • User-925100698 posted

    A good rule of thumb; don't start optimizing unless you have problems with performance. Most likely, it will not be the server vs serverless bind that kills your app. There are a million other factors in ASP.NET that have a higher impact on performance.

    Sadly i'm at that point with an existing application, and my changes are limited to what i can do when talking to AD. I believe in general you are right though, that this setting probably isn't that big of a deal in the much larger picture of things.
    Wednesday, April 15, 2009 10:45 AM