Article ID: 951581 - Last Review: October 23, 2008 - Revision: 1.1

LDAP queries are executed more slowly than expected in the AD or LDS/ADAM directory service on a Windows Server 2003-based or Windows Server 2008-based computer, and Event ID 1699 may be logged

View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

On a Windows Server 2003-based or Windows Server 2008-based computer that uses an Active Directory Lightweight Directory Services (AD LDS) or Active Directory Application Mode (AD/AM) directory service, certain applications do not perform at the performance levels that are expected.

When you enable field engineering (debug) logging to trace an LDAP query, the following event log shows that the LDAP query is an inefficient query:

Event ID : 1644
Category : Field Engineering
Source : NTDS General
Type : Information
Machine : ComputerName
Message : Internal event: A client issued a search operation with the following options.

Client: 100.110.1.5
Starting node: DC=contoso,DC=com
Filter: (&(objectcategory=user)(gidnumber=29831))
Search scope: subtree Attribute selection: …
Server controls:
Visited entries: 31950
Returned entries: 1

Note The attributes that are used in this event are only examples.

Additionally, you experience a slow response time.

When you inspect the attributes in the search filter, you find that they all have indexes that are defined. Additionally, if attributes do not have indexes that are defined, and you add the indexes through a schema change, the problem persists.
Back to the top

CAUSE

When you create a network trace of the LDAP query, you notice that it is a paged query.

However, the LDAP server can only use one index to process a paged query. This is because LDAP does not have a transaction to end a query, and the implementation for paged searches does not create an expensive context for the query.
Back to the top

WORKAROUND

To work around this problem, you can send the query without using the paged query control. By default, paged queries are always enabled for some LDAP client libraries. Therefore, you may have to write additional code in your application to enable and disable paged queries as appropriate for your specific situation.
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
314980  (http://support.microsoft.com/kb/314980/ ) How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server
Back to the top
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Back to the top
Keywords: 
kbexpertiseinter kbtshoot kbprb KB951581
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations