NT Service access to ADSI 2x slower than win32 exe

NT Service access to ADSI 2x slower than win32 exe

Post by riaa » Thu, 26 Jan 2006 21:11:47


Hi

We working on a client/server project, where the service reads objects
from a certain organizational unit in the active directory and returns
the data via XML to a client. Both sides of the application have been
developed in Delphi 7 in win32 (unmanaged) code using API calls. The
server application, which interfaces with the Active Directory is run
on the only Domain Controller in the domain. The client is connected to
a 100Mbps network close to the server. The server enumerates the
objects using the "LDAP://" provider.

At first, enumerating (just enumerating, not sending) the
organizational unit in the active directory took about 26s using the
win32 exe. We then commented out the lines asking to retrieve each
users GUID and SamUsername and the query came down to about 4s. (I
would still like to know why this happens ?!)

Next, we packaged the entire project into a NT service. The service
works great, except that its is about 2.5X slower than the win32 exe.

Here are some comparison figures:


Win32 EXE Service
Enumerating 4000 users: 3.468s 8.563s
Creating XML Message: 1.032s 0.859s
Sending XML via TCP: 0.792s 2.125s

I don't quite understand why the networking takes longer with service,
but 1s is the least of my problem. I cannot understand why the ADSI
would take longer. And I need to sort this out, because some of our
clients are located on a slower network and their domains typically
contain many thousands of users in one organizational unit.

Can anyone please offer me an explanation or a solution.

Thanks in advance.

Riaan
 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by MVP - AD » Fri, 27 Jan 2006 01:29:06

Are you using an LDAP search to enumerate the objects or using
IADsContainer? A search within a specific OU to return specific attributes
will be much faster than using IADsContainer.

Joe K.

 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by riaa » Fri, 27 Jan 2006 18:29:28

Hey. Thanks for the reply.

At current, I get the OU by calling: (FAdContainer is a IADsContainer)


After that, I call:


which returns all "objects" in the OU one by one by calling my callback
(EnumCallback)


In EnumCallback I get the properties of the object and place them in a
custom object:



I don't quite know what other method there is to get this done. Any
suggestions? I especially would like to know the service is performing
so poorly compared the win32 exe.

Any help is greatly appreciated.

Thanks

Riaan
 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by riaa » Fri, 27 Jan 2006 18:30:47

Hey. Thanks for the reply.

At current, I get the OU by calling: (FAdContainer is a IADsContainer)


After that, I call:


which returns all "objects" in the OU one by one by calling my callback
(EnumCallback)


In EnumCallback I get the properties of the object and place them in a
custom object:



I don't quite know what other method there is to get this done. Any
suggestions? I especially would like to know the service is performing
so poorly compared the win32 exe.

Any help is greatly appreciated.

Thanks

Riaan
 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by MVP - AD » Sat, 28 Jan 2006 03:41:30

You should use IDirectorySearch instead. You would do a one-level search
inside the container for the objects you are looking for and have the search
instance retrieve the attributes you want directly by specifying them in the
list. This should be several orders of manitude faster than what you are
doing as you are doing a separate AD search operation to load each object
that you get back as a result of the enumeration. This is very chatty on
the network.

Joe K.
 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by riaa » Fri, 03 Feb 2006 20:22:44

Hi Joe

Thanks for the reply. I have converted everything to use
IDirectorySearch instead. It is a much cleaner approach to the problem,
and I can now get the properties I needed without making such a massive
performance impact, yet I still have one lingering question:

Why does the project when built to a service take more than twice as
long as the same project when built to a normal win32 exe?

When taking desktop interactivity off the service, it speeds up
marginally, but doesn't even approach that of the win32 exe.

All other operations are similar in speed to that of the exe, some
faster, yet the ADSI part still takes twice as long.

Any ideas on how I can fix that?

Thanks

Riaan
 
 
 

NT Service access to ADSI 2x slower than win32 exe

Post by MVP - AD » Sat, 04 Feb 2006 00:46:04

I'd suggest sniffing the network traffic to see what is taking longer. I
going to guess that something in the LDAP authentication that is performed
when you initially connect is slow, but I don't know why.

Joe K.