All geek questions in one place

Active Directory Data Caching

In one of my applications, I request the active directory to get a list of all users below this user (using "Direct Reports"). Thus, basically, given the person’s name, he is viewed in AD, then direct reports are read. But then for each direct report, the tool must check direct reports of direct reports. Or, more abstractly: The tool will use the person as the root of the tree, and then go through the entire tree to get the names of all the leaves (maybe several hundred).

Now my concern is obviously performance, as it needs to be done quite a few times. My idea is to manually cache this (in essence, just put all the names in a long line and save it somewhere and update it once a day).

But I'm just wondering if there is a more elegant way to get the information first and then cache it, perhaps using something in the System.DirectoryServices namespace?

+4
source share
4 answers

To gain control over the properties you want to cache, you can call 'RefreshCache ()' passing the properties you want to hang:

System.DirectoryServices.DirectoryEntry entry = new System.DirectoryServices.DirectoryEntry(); // Push the property values from AD back to cache. entry.RefreshCache(new string[] {"cn", "www" });
+3
source

Active Directory is quite efficient at storing information, and retrieval should not be so many hits on performance. If you really intend to keep the names, you probably want to save them in a tree so that you can see the relationships of all people. Depending on the number of people, you can also pull out all the information you need daily, and then request all requests against your cached copy.

+2
source

AD does this caching for you, so don't worry about it if performance isn't a problem. I have software that does such things all day on a corporate intranet, which takes thousands of calls per hour and never had to tune performance in this area.

+2
source

Depends on how relevant the information should be. If you must have the most recent data in your report, then a query directly from AD is reasonable. And I agree that AD is reasonably stable, a typical dedicated AD server is actually very easy to use in normal day-to-day operations, but it’s best to check with your IT department / support staff.

An alternative is a daily script to dump AD data into a CSV file and / or import it into an SQL database. (Oracle has a SELECT CONNECT BY function, which can automatically create multi-level hierarchies in the result set. MSSQL can do the same thing with a bit of IIRC recursion).

+2
source

Source: https://habr.com/ru/post/1276472/

More articles:


All Articles