On 17/10/13 09:03, Kevin A. McGrail wrote: > We've done similar real time checks using Sendmail but seen this > actually bring down Exchange Servers (more like bringing it to its > knees from a resource perspective than actually crashing it) from the > LDAP queries associated with these type of issues. So I agree the > instantaneous nature is nice but we switch to the store because the > volume we could handle with Sendmail was so much higher than what was > effectively halting Exchange Servers. >
We saw the same thing, so we have hourly cronjobs dumping the email addresses out of Active Directory and push the addresses to the edge Unix mail relays. We find Active Directory LDAP too slow and too unreliable to rely on for a realtime service. Internally, even our Windows IT staff do something similar: batch jobs to dump data out via LDAP so that their actual websites and/or applications can reference LDAP data without having to talk to what Microsoft thinks passes for an LDAP server (eg try to figure out all the groups a user is a member of, in a multi-forest AD spread across 5 continents - and do it in <1sec - go on, I dare ya ;-) </rant ;-)> -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
