Re : [ActiveDir] AD LDAP Logging.

[Yann]

Hello Tony,

 

Very usefull information ! Thanks.

i enabled this config:

15 Field Engineering  to 5

Expensive Search Results Threshold to 1

 

Here are the LDAP operation, :

 

1644 INFORMATIONAL NTDS General Fri Jun 09 09:55:16 2006 childdomain\user1 Internal event: A client issued a search operation with the following options.        Client:  11.22.33.44   Starting node:  OU=MyOU  OU=myou1 DC=childdomain DC=parentDomain DC=root DC=fr    Filter:   (objectClass=user)     Search scope:  subtree    Attribute selection:  givenName sAMAccountName sn    Server controls:      Visited entries:  63    Returned entries:  58 

 

Followed by this:

1139 INFORMATIONAL NTDS LDAP Fri Jun 09 09:55:16 2006 childdomain\user1 Internal event: Function ldap_search completed with an elapsed time of 16 ms.

 

=>  for 63 visited entries, only 58 are returned and the ldap search lasted 16 ms (Sometimes the ldap search took 140 ms...).

 

Questions:

Would the IDs 1644 + 1139 tell me that the web app. is performing Inefficient and Expensive LDAP Query to my DC ?

 

Thanks for advices,

 

Yann

 

 

---- Message d'origine ----
De : Tony Murray <[EMAIL PROTECTED]>
À : ActiveDir@mail.activedir.org
Envoyé le : Mercredi, 7 Juin 2006, 11h16mn 33s
Objet : RE: [ActiveDir] AD LDAP Logging.

Hi Yann

 

One option would be to enable logging of all LDAP searches against the DC.

 

http://www.activedir.org/article.aspx?aid=97

 

Tony

PS.  We’re just loading a new version of the site, so it might take a few minutes before you can load the page.

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yann
Sent: Thursday, 8 June 2006 6:39 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD LDAP Logging.

 

Hello ,

 

I need advices about troubleshooting LDAP connections to one of my DC in my AD2k3.

An application named ZOPE running on a linux box accesses my DC.

 Users use a web page, via ZOPE application, that connect to my DC to list users information. Sometimes, users are disconnected to my DC and the admin that is responsible for the ZOPE app. called me to resolve this issue.

 

What are the different steps to tshoot possible problem with LDAP connections to my DC ?

 

Thanks in advance for help,

 

Yann

 

 __________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.