不包括Active Directory查询性能

时间:2009-07-20 01:11:12

标签: performance active-directory

我很好奇以下是否会以显着的方式对绩效产生负面影响......

我有一个带有输入框和网格的网页表单(可以是任何形式的应用程序)并允许用户搜索Active Directory以供用户使用...我不希望用户帐户具有$作为有sAMAccountName,所以我想知道我是否应该让它们返回,然后在应用程序的循环中过滤它们,或者是否应该在ActiveDirectory过滤器中排除它们,如下所示:

(&(objectCateogry=person)(objectClass=user)(!(sAMAccountName=*$*))(cn=<Insert User Query>))

我想我所关注的*$*会影响表现......任何见解都会受到高度赞赏!

2 个答案:

答案 0 :(得分:0)

我会在查询中包含(!(sAMAccountName=*$*)),原因如下:

  1. 它在Active Directory中编入索引,因此搜索速度很快。
  2. 在大多数环境中,域控制器的攻击力不如Web服务器,并且备用CPU和RAM。

    3. 我只是猜测,但我认为域控制器必须处理并发送到Web服务器的额外条目实际上会使所有内容花费更长时间。您可以在您的环境中尝试两种方式并测量差异。

    另外,如果您关注性能,可以查看System.DirectoryServices.Protocols中的课程。

答案 1 :(得分:0)

关于AD的过滤器如下:

class ExpressionTemplates
{
    /// <summary>
    /// The start with expression. eg: "({0}={1}*)".
    /// </summary>
    public readonly static string StartWithExpression = "({0}={1}*)";

    /// <summary>
    /// The end with expression. eg: "({0}=*{1})".
    /// </summary>
    public readonly static string EndWithExpression = "({0}=*{1})";

    /// <summary>
    /// The has a value expression. eg: "({0}=*)".
    /// </summary>
    public readonly static string HasAValueExpression = "({0}=*)";

    /// <summary>
    /// The has no value expression. eg: "(!{0}=*)".
    /// </summary>
    public readonly static string HasNoValueExpression = "(!{0}=*)";

    /// <summary>
    /// The is expression. eg: "({0}={1})".
    /// </summary>
    public readonly static string IsExpression = "({0}={1})";

    /// <summary>
    /// The is not expression. eg: "(!{0}={1})".
    /// </summary>
    public readonly static string IsNotExpression = "(!{0}={1})";

    /// <summary>
    /// The and expression. eg: "(&amp;{0})".
    /// </summary>
    public readonly static string And = "(&{0})";
    /// <summary>
    /// The or expression. eg: "(|{0})".
    /// </summary>
    public readonly static string Or = "(|{0})";

    /// <summary>
    /// The parenthesis expression. eg: "({0})".
    /// </summary>
    public readonly static string Parenthesis = "({0})";

    /// <summary>
    /// The join expression. eg: "{0}{1}".
    /// </summary>
    public readonly static string Join = "{0}{1}";
}

您可以参考我的基于ActiveRecord模式的OSS项目如下(因为它是开源的,您可以找到如何使用DirectoryEntry操作AD,DirectoryEntry不仅支持LDAP协议,还支持IIS,WIN等等,所以我开发了这个lib):

class ComplexFilterUnitTest : BaseUnitTest
{
    [TestCase]
    public void TestComplexFilter()
    {
        IFilter filter =
            new And(
                new IsUser(),
                new Is(OrganizationalUnitAttributeNames.OU, "pangxiaoliangOU"),
                new Or(
                        new StartWith(AttributeNames.CN, "pang"),
                        new And(
                            new EndWith(AttributeNames.CN, "liu"),
                            new Is(PersonAttributeNames.Mail, "mv@live.cn")
                            )
                    )
                );
        Assert.AreEqual("(&(objectClass=user)(ou=pangxiaoliangOU)(|(cn=pang*)(&(cn=*liu)(mail=mv@live.cn))))", filter.BuildFilter());
        foreach (var userObject in UserObject.FindAll(this.ADOperator, filter))
        {
            using (userObject)
            {
                Console.WriteLine(userObject.DisplayName);
            }
        }
    }
}

https://landpyactivedirectory.codeplex.com/documentation

你会发现使用它很容易操作AD,如果你对它不感兴趣,请忽略我的回答。 有关AD的任何问题请与我联系:)

相关问题
最新问题