IanN1990

Active Directory - Finding Fastest Domain Controller

11 posts in this topic

Good Evening, 

I am working on a script that pulls alot of user data from Active directory to help my team in automation.

At work we have a total of 8 domain controllers, some are faster then others but it is random when this will be.

The code i have at the moment for finding the fastest AD is below( in sudo code form)

 

#Include <ad.au3>

Local $FastTime = ""

Dim $Array = ["Domain1", "Domain2, "Domain3, "Domain4"]

For $i=0 to ubound($array)-1
$Timer = Timerinit()
_AD_Open("", "", $array[$i])
_AD_Close()
If $FastTime = "" then $FastTime = $array[$i]
If timerdiff(Timer) < $FastTime then $FastTime = $array[$i]
Next

consolewrite("Fastest AD is " & FastTime)

 

Does anyone have any better ideas on how to do it?

 

Kind regards

Ian

Share this post


Link to post
Share on other sites



You state "some are faster than others but it is random when this will be". Sounds like you have highly unbalanced workloads; have you thought about (or are you even the person who would be) addressing the underlying problem, to save yourself the hassle?


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

I would try to optimize the way you pull the data from AD so that the response time of a DC doesn't matter.
Could you give us examples how and which data you pull data from your DCs?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Valid Point :) Treat the problem not the symptom

In this example my hands are tied. I have access to ad for adminsation purposes but i am not in controll of anything above that.

In terms of peeks, i suspect the 8 controllers manage 5 sites and so it depends how many "users" are online at the time. 

 

Water - The data i am pulling down is 1200-2000 names & extensions. (I have never counted it fully but i dont think it is above 2k)

The amount changes every day, as people are joining and leaving, and extensions is not a static number. So every time my program is started it needs to pull down a fresh version of AD (This is so the data can be put into a autoit array for greater controll and validation within my gui instead of constantly harassing ad )

Edited by IanN1990

Share this post


Link to post
Share on other sites

I assume you use _AD_GetObjectsInOU to retrieve the data. Can you post an example? The LDAP query you use is essential for performance.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I dont have access to my work laptop atm :( so i can only post code from memory or until i get into work tomorrow.

Yes :) I do use _AD_GetObjectsinOU

It searchs a several sperfic locations (one at a time) with no subfolders and it also comes back unsorted

Ian

 

Share this post


Link to post
Share on other sites

Don't hurry. It is important that you only process the needed OU and that the LDAP query contains only indexed properties to limit search time.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

What do you mean by Indexed properties?

So as you suggested, the _ObjectsInOU only processes the "one folder location" that has user data in it but in my company user data is in serval locations. it searches each location independanlty rather then searching from root downwards. No other location are searched.

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

AD doesn't create an index for every property. If you search for a non indexed property AD needs to sequentially search the whole OU or whatever your search range is.
Details can be found here: https://msdn.microsoft.com/en-us/library/ms675095%28v=vs.85%29.aspx

If the OU you search not only contains users then I suggest you specify ObjectClass and ObjectCategory to limit search time.
Example:

$aObjects = _AD_GetObjectsInOU($sOU, "(&(objectcategory=person)(objectclass=user))", 0, "sAMAccountName,distinguishedName,displayname", "")

Only search for users in the specified OU and retrieve an unsorted list of users with 3 properties.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I have integrated your code into my script and it has yielded a 100-200ms increase of boot up.

 

I have also written this today, though I don't know how good it will be

 

Func CheckFastestADConnection()
      Dim $ADDomainArray[7] = ["Domain1", "Domain2", "Domain3", "Domain4", "Domain5", "Domain6", "Domain7"]
      _Arrayshuffle($ADDomainArray)
         For $i=0 to ubound($ADDomainArray)-1
            If Ping($ADDomainArray[$i], 25) < 5 then Return $ADDomainArray[$i]
         Next
   EndFunc

 

Share this post


Link to post
Share on other sites

Ping only returns a number how fast the network connection and the network card of the pinged system are. You can't tell how busy the DC is and how fast it will process your query.

As you are retrieving a lot of data increasing the page size might help.
Check _AD_SetADOProperties to set and _AD_GetADOProperties to query. Example:

_AD_SetADOProperties("Page Size = 2000")

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now