How odd, that jumped offlist and then back onlist... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whaley, Greg Sent: Wednesday, November 30, 2005 9:45 AM To: [email protected] Subject: FW: [ActiveDir] Slow LDAP responses
Thanks Joe. In further research I have found when LDAP response is slow that LSASS.exe is taking up most of the process. I have also seen in other post that there may be a beta patch from MS for lsass.exe high utilization. So know I am waiting for MS to get back to me. Greg Whaley Consulting LAN Engineer St. John Health 586-753-1594 -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 7:43 PM To: Whaley, Greg Subject: RE: [ActiveDir] Slow LDAP responses ADFIND will take any standard LDAP query and execute it, you generally just specify the base (-b) and a filter (-f) and add -selapsed to get the timing values. So for instance, you could do Adfind -b dc=domain,dc=com -f ou=* -dn -selapsed To get a list of all DNs of Ous in domain.com joe -----Original Message----- From: Whaley, Greg [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 8:56 AM To: joe Subject: RE: [ActiveDir] Slow LDAP responses Joe, I do not really understand the command syntax any way you can give me an example? Greg Whaley Consulting LAN Engineer St. John Health 586-753-1594 -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Friday, November 04, 2005 4:30 PM To: [email protected] Subject: RE: [ActiveDir] Slow LDAP responses How do you know the responses are slow? What aspect is slow? Is it the name resolution, the bind, the query itself, what? Usually the first thing I would do in something like this is look at the -selapsed output of adfind which breaks up timing by various things done in the query Elapsed Times: LDAP_OPEN 0.016 ROOT_DSE 0 LDAP_OPEN_2 0 PARTIAL_SCHEMA 0.407 LDAP_UNBIND_2 0 LDAP_SEARCH_INIT 0 LDAP_GET_PAGES 0.062 LDAP_UNBIND 0 That can help narrow it down. If the open is really slow then I get out a network sniff and start watching the name res process, etc and usually find the problem there. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whaley, Greg Sent: Friday, November 04, 2005 2:24 PM To: [email protected] Subject: RE: [ActiveDir] Slow LDAP responses I am seeing issues with slow LDAP response on a specific Windows 2000 domain Controller. I have looked in the logs and the only thing I can see is that is causeing an issue is in the application log. Here is the event ID 1000: Windows cannot query for the list of Group Policy objects . A message that describes the reason for this was previously logged by this policy engine. I then go down to the error that was previously logged and see this. Event ID 1000 Windows cannot establish a connection to **Domain**.COM with (0). Anyone have any clues on what might be going on? This error started after the DC was rebooted because of issues with slow LDAP response. Greg Whaley Consulting LAN Engineer CONFIDENTIALITY NOTICE: This email message and any accompanying data are confidential, and intended only for the named recipient(s). If you are not the intended recipient(s), you are hereby notified that the dissemination, distribution, and or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at the email address above, delete this email from your computer, and destroy any copies in any form immediately. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ CONFIDENTIALITY NOTICE: This email message and any accompanying data are confidential, and intended only for the named recipient(s). If you are not the intended recipient(s), you are hereby notified that the dissemination, distribution, and or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at the email address above, delete this email from your computer, and destroy any copies in any form immediately. CONFIDENTIALITY NOTICE: This email message and any accompanying data are confidential, and intended only for the named recipient(s). If you are not the intended recipient(s), you are hereby notified that the dissemination, distribution, and or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at the email address above, delete this email from your computer, and destroy any copies in any form immediately. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
