RE: [ActiveDir] Full Client Login Test on AD

[Mark Parris]

Title: Full Client Login Test on AD

There is a utility called “loadhardness” which has various plugin’s this may assist you with some of your issues.   But could you capture this information in MOM 2005 and utilise some clever scripting to simulate logons?   Loadsim 2003 could be utilised for Exchange.   Mark Parris       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 28 April 2005 22:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Full Client Login Test on AD     There are many load testing systems out there (e.g. Load Runner (www.mercury.com), AdventNet Qengine) for Web based apps and custom Application code for .NET.  My question is there any way to test for multiple login behaviour in active directory?  For example I need to run 1000s of concurrent users for a test against a DC which would mimic the following (generalized): A Machine Boots Up - Queries DNS for SRV Records (AD Integrated DNS) - Determines Site Information - Checks Time Services SNTP - Authenticates a Machine Account which gains a Kerberos Token, session and SID/RIDs from Group Membership(s) - Checks for Slow Link Detection from GPO via ICMP - Binds to sysvol - a DC now keeps track of this  CIFS or SMB Share State - Checks Machine GPO Settings using standard LSDOU (minus the L in this case) - Checks for any published MSI Jobs User Logs In - Authenticates a User Account which gains a Kerberos Token, session and SID/RID Package from Group Membership - Checks User GPO Settings using LSDOU (minus the L in this case) - Checks for MSI Jobs - Process Login Script - regardless of size and spawning mechanisms it would still need to run the first bind and connection from the DC <Rest of the life of the session> - Kerberos rechecked every half life or four hours - SNTP rechecked at timed intervals - GPOs applied every 30-90 minutes in random fashion I know that I have not even touched E2k3 or other AD based application which may also want to communicate via LDAP Process calls etc. but for now, it is out of scope. AFAIK - simulators cannot come close to this type of check, only one liners such as Kerberos tickets, or HTTP requests - all based on non stateful connections and even then it would be in a sequential format, user1, then user2, then user3 and so forth not user1.2.3 at the same exact time.  The only way I know how to do this would be to have 1000s of physical (or virtual) machines login to hit the DC at once to come close to the full sequence above. Any suggestions? Many thanks Jon