Title: [ActiveDir] Black Login Screen
This is the Exchange 2000 application and the way some of the Distribution Groups were querying AD.  Because of the way they were nested and because of certain restrictions, there were huge queries that were exceeding the limits of the LDAP Query Policy and being queued for 30 minutes before being sent.  This led to a discussion of the need to create a separate LDAP Query Policy with new limits, and having that policy apply to sites that serve Exchange Server traffic.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulnick, Al
Sent: Tuesday, December 07, 2004 7:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP Capacity Planning

Can you give some more information about what those limits were and how they "worked" around them?  I'm interested in context because there are a lot of variables here.
 
I've typically seen a lot of folks that just write poor apps and trip the thresholds of AD that are there to protect the DC/GCs. Those thresholds are typically set by engineers, meaning that the conversation often goes something like, "Q: Where should we set the limits to protect as many people as possible? A: 50. Real answer: 75, but if we let them get that close, they'll likely go over, so let's set it to 50 and they'll never break that threshold."
 
The apps that are well written can often deal with this without issue, but it would help to know the app, how they ran into a problem and what you did to get them around it.
 
 
Al


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rachui, Scott
Sent: Monday, December 06, 2004 10:08 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP Capacity Planning

I have an interesting question that's come up recently...
 
I have some customers who have recently seen some issues with their application and the default LDAP Query Policy limits.  We've worked through that issue, but the customer is now wanting us to explain to them how we're going to monitor LDAP performance and capacity so that we see problems in the future before the customer encounters them.  At the same time, the customer is asking us to give them the theoretical limits that we can set our LDAP Query Policies to without harming our Active Directory infrastructure.  This will theoretically give them some sense of their boundaries (if they want to extend their application, and they know that there is a theoretical limit to the Query Policy, then they know that's as far as they can go without overloading AD).
 
At this point, I am not finding much data on how I would go about this, so I thought I'd throw the question open and see if any of you have had this experience in the past.  Any ideas on where I can go for tools or solutions, or even ideas of things that I need to be monitoring that will give me this sort of data, will be much appreciated.
 
Thanks,
 
Scott Rachui
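
Added example, not part of the original thread: one way to review a separate LDAP Query Policy (such as the one discussed for sites serving Exchange traffic) against a baseline before applying it, so that raised protective limits are visible. It takes limits in the `Name=Value` form used by the `lDAPAdminLimits` attribute of a query policy object; the baseline values, the sample policy and the `max_factor` threshold are constructed assumptions.

```python
# Added example: flag LDAP query policy limits that differ from a baseline.
# All values below are constructed for illustration, not taken from the thread.
BASELINE = [
    "MaxPageSize=1000", "MaxQueryDuration=120", "MaxTempTableSize=10000",
    "MaxResultSetSize=262144", "MaxActiveQueries=20",
]
# Hypothetical policy for sites serving Exchange traffic.
EXCHANGE_SITE_POLICY = [
    "MaxPageSize=1000", "MaxQueryDuration=300", "MaxTempTableSize=100000",
    "MaxResultSetSize=262144",
]


def parse_limits(values):
    """Parse "Name=Value" strings into {name: int}, rejecting bad entries."""
    limits = {}
    for raw in values:
        name, sep, value = raw.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value.isdecimal():
            raise ValueError(f"malformed limit entry: {raw!r}")
        if name in limits:
            raise ValueError(f"duplicate limit: {name}")
        limits[name] = int(value)
    return limits


# max_factor is a hypothetical review threshold: a limit raised to more than
# max_factor times its baseline is reported as 'excessive' instead of 'raised'.
def audit_policy(baseline, candidate, max_factor=4):
    """Return (limit, baseline, candidate, status) for every differing limit."""
    base, cand = parse_limits(baseline), parse_limits(candidate)
    findings = []
    for name in sorted(base.keys() | cand.keys()):
        b, c = base.get(name), cand.get(name)
        if b == c:
            continue
        if c is None:
            status = "unset"            # present in baseline only
        elif b is None:
            status = "not-in-baseline"  # present in candidate only
        elif c < b:
            status = "lowered"
        else:
            status = "excessive" if c > b * max_factor else "raised"
        findings.append((name, b, c, status))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(BASELINE, EXCHANGE_SITE_POLICY):
        print(finding)
```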
