Categorizing LDAP searches - inefficient vs. expensive?
I caught myself a couple of times mixing up the correct terms so I thought I’d wrap this up in a blog posting.
When looking at Directory Services searches, one of the goals is to find all results of the search as quickly and accurate as possible. When you query AD manually, you most of the time just want it to respond with the correct search results so that you can go on exporting the data, checking the results or doing something with the results. You don’t care if the search takes 13 milliseconds to complete or 5 seconds, it’s probably just a one-time action you perform to collect the data for some special task.
A different picture arises with directory enabled application. Those apps are supposed to read data off AD and write into it - sometimes heavily and multiple times a second. Just look at Exchange. Exchange is LDAP’s best friend. There surely are other applications in your environment that query Active Directory. As those apps query AD more often, it might be worth looking at how those applications form their searches and - how quick AD is to respond. It’s a different situation than searching manually. Searches that take AD to think 3 seconds that occur multiple times a minute are no good - you’d want to have that search be performed as fast as 13 milliseconds, right? The crappier the search is, the longer it takes AD to come up with good results - the more I/O it needs to perform to crawl the DIT database to find the objects searched and the more time is wasted that could be used to service other requests around. That’s an easy calculation.
