And what does it actually do with all the changed AD objects? ________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of De Potter Vincent Sent: Tuesday, November 28, 2006 12:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Pointsec software vs. Active Directory Hi Gil, No it's running on a dedicated server targeting that DC. Authentication from the softwares' service account is quite numerous let's say :-) THere's enough LDAP activity but not in an expensive way. This is what it does : The ADScanner uses the ADSI (Active Directory Services Interface) and LDAP (Lightweight Directory Access Protocol) when searching for changes (default port 389) in a Domain. The ADScanner works with USN (update sequence number) queries using the uSNChanged attribute. It uses the uSNChanged attribute of an AD object to retrieve changes. When an AD object is modified on a domain controller, it sets the uSNChanged of the object to a value that is larger than the value of the uSNChanged attribute for all other objects held on that domain controller. The object with the highest value of the uSNChanged attribute is then the most recently changed object on the domain controller. The domain controller holds the highest uSNChanged value in the highestCommittedUSN attribute. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: dinsdag 28 november 2006 20:01 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Pointsec software vs. Active Directory Its curious you saw significant disk I/O with no corresponding increase in LDAP activity. Is the application running on the DC in your test environment? Is it generating a lot of authentication traffic? -gil ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, November 28, 2006 11:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Pointsec software vs. Active Directory Vincent- I have no idea what Pointsec is or does, perhaps you could share a little bit about this. What are the characteristics of the domain controllers in your test forest? How much memory? Disk config? How big is the DIT? Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of De Potter Vincent Sent: Tuesday, November 28, 2006 11:20 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Pointsec software vs. Active Directory Hi, My organisation is looking into testing and implementing Pointsec software for encryption purposes for our client environment. I'm responsable for the DIrectory service and they've asked me to participate. I've set -up a development forest and let the Pointsec team loose on that one. I activated some perfmon counters to see the impact on one DC. Regarding LDAP queries it was quite ok (only 1 reference to an expensive one) but I saw some implication on the physical disks of the machine that were hit quite heavily. Also a collegue of mine could remember from his previous company that the roll out of that soft brought some issues along. Does anyone of you have experience with the implementation of Pointsec and the impact on the directory service (especially the boxes) in a large environment? _____________________________ Vincent De Potter Volvo Information Technology
