LDAP queries are executed more slowly than expected in the AD or LDS/ADAM directory service and Event ID 1644 may be logged

Article translations Article translations
Article ID: 951581 - View products that this article applies to.
Expand all | Collapse all


On a Windows Server 2003-based or Windows Server 2008-based computer that uses an Active Directory Lightweight Directory Services (AD LDS) or Active Directory Application Mode (AD/AM) directory service, certain applications do not perform at the performance levels that are expected.

When you enable field engineering (debug) logging to trace an LDAP query, the following event log shows that the LDAP query is an inefficient query:

Event ID : 1644
Category : Field Engineering
Source : NTDS General
Type : Information
Machine : ComputerName
Message : Internal event: A client issued a search operation with the following options.

Starting node: DC=contoso,DC=com
Filter: (&(objectcategory=user)(gidnumber=29831))
Search scope: subtree Attribute selection: …
Server controls:
Visited entries: 31950
Returned entries: 1

Note The attributes that are used in this event are only examples.

Additionally, you experience a slow response time.

When you inspect the attributes in the search filter, you find that they all have indexes that are defined. Additionally, if attributes do not have indexes that are defined, and you add the indexes through a schema change, the problem persists.


When you create a network trace of the LDAP query, you notice that it is a paged query.

However, the LDAP server can only use one index to process a paged query. This is because LDAP does not have a transaction to end a query, and the implementation for paged searches does not create an expensive context for the query.


To work around this problem, you can send the query without using the paged query control. By default, paged queries are always enabled for some LDAP client libraries. Therefore, you may have to write additional code in your application to enable and disable paged queries as appropriate for your specific situation.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


For more information, click the following article number to view the article in the Microsoft Knowledge Base:
314980 How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server


Article ID: 951581 - Last Review: November 9, 2010 - Revision: 3.0
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Windows Server 2008 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
kbexpertiseinter kbtshoot kbprb KB951581

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com