Slow AD Search in Workflow
Created: 24 Feb 2011 | 5 comments
Hello!
I'm currently using this AD Search method that I found on the Workflow Swat site to pull down a attributes of users (Display name, Office, Organizational Title, Telephone Number and phone number).
At times, depending on the AD username, it can take upwards of 45 seconds to return results. The workflow is fast at all components, except for when using this search feature.
Does anyone know of a more light weight search, maybe to retrieve the information from the process manager (we have our AD information sync there for the user information) that would work faster?
Tom
Discussion Filed Under:
Group Ownership:
Comments
Depending on the Size of your AD and what you are searching for
Depending on the Size of your AD and what field you are searching on it may take while to return the data.
Getting the info from your Process Manager will likely be faster as SQL searches are usually quicker than AD searches.
For faster results in AD searching you should try to narrow down the OU being searched. The more narrow the search, the faster the results. If you do not have that info, AD has to search the entire tree to find the data you are looking for.
So how many user objects are in your AD? and what criteria are you searching on?
It also just occured to me that I had a similar issue searching one of our external domains, but that domain controller was behind a firewall and not all the AD ports were open. Once the rule was updated, searches came back within seconds. IIRC, it usually took 30 to 40 seconds for the request to be processed. We did a Wireshark capture to diagnose the problem and it turned out to be related to DNS and AD ports...
rob
My Environment
There are well over 2000 user objects being searched and the search criteria is Lastname* as the example video instructed me to do so. Maybe that's why it's taking so long?
Sometimes though, users are found quick and the details are pulling back, when others just take forever even when there aren't nested groups.
I haven't thought about a wireshark trace, but I'll have to look into that and see if that will help.
2000 isn't that much... But
2000 isn't that much... But last name is not an easy field to search for. SamAccountName or DN is usually much faster.
What I do is use the Get User List component first. This brings back a limited amount of data (CN, DN, User GUID (or SID in AD parlance), and SamAccountName). This way if you put in a fairly common last name, you'll not have to get back every detail for every found user.
Once you have that list, you use the GUID to get the User Details - the Search for a SID (GUID) in AD is much faster.
I created a web service that look up all pertinent user data. We use this web service in every project we have (over 100).
rob
Walkthrough...
I don't suppose you have any documention on how you did that (such as what components you used, how you configured them, etc)? I'd like to try it out and see how much faster that will return the results for me.
Sure, I'd be glad to show
Sure, I'd be glad to show you. I am free around 11:30 est, so if you want we can do a GoToMeeting (I have an account).
Send me an email directly if that works for you:
rob.moore@travelport.com
rob
Would you like to reply?
Login or Register to post your comment.