Network Usage - AccountManagement vs. DirectoryServices

I spent more than a day finding out that the Principal object uses a higher-bandwidth path than DirectoryServices. The scenario is as follows. I have a group with ~ 3000 computer objects. To check if the computer is in this group, I got a GroupPrincipal and looked for the ComputerPrincipal.

    Boolean _retVal = false;
    PrincipalContext _principalContext = null;
    using (_principalContext = new PrincipalContext(ContextType.Domain, domainController, srv_user, srv_password))
    {
        ComputerPrincipal _computer = ComputerPrincipal.FindByIdentity(_principalContext, accountName);
        GroupPrincipal _grp = GroupPrincipal.FindByIdentity(_principalContext, groupName);
        if (_computer != null && _grp != null)
        {
            // get the members
            PrincipalSearchResult<Principal> _allGrps = _grp.GetMembers(false);
            if (_allGrps.Contains(_computer))
            {
                _retVal = true;
            }
            else
            {
                _retVal = false;
            }
        }
    }
    return _retVal;

It’s actually a very nice interface, but it creates about 12 MB of traffic per request. If your domain controller is in the local network, this is not a problem. If you access the domain controller over the WAN, it kills your connection / application.

After I noticed this, I reimplemented the same functionality using DirectoryServices:

    Boolean _retVal = false;
    DirectoryContext _ctx = null;
    try
    {
        _ctx = new DirectoryContext(DirectoryContextType.DirectoryServer, domainController, srv_user, srv_password);
    }
    catch (Exception ex)
    {
        // do something useful
    }
    if (_ctx != null)
    {
        try
        {
            using (DomainController _dc = DomainController.GetDomainController(_ctx))
            {
                using (DirectorySearcher _search = _dc.GetDirectorySearcher())
                {
                    // memberOf values are DNs, so match the leading "CN=<group>," component
                    String _groupToSearchFor = String.Format("CN={0},", groupName);
                    // load only the memberOf attribute
                    _search.PropertiesToLoad.Clear();
                    _search.PropertiesToLoad.Add("memberOf");
                    _search.Filter = String.Format("(&(objectCategory=computer)(name={0}))", accountName);
                    SearchResult _one = null;
                    _one = _search.FindOne();
                    if (_one != null)
                    {
                        int _count = _one.Properties["memberOf"].Count;
                        for (int i = 0; i < _count; i++)
                        {
                            string _m = (_one.Properties["memberOf"][i] as string);
                            // a bare substring test would also match groups whose name merely contains groupName
                            if (_m != null && _m.StartsWith(_groupToSearchFor, StringComparison.OrdinalIgnoreCase))
                            {
                                _retVal = true;
                            }
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // do something useful
        }
    }
    return _retVal;

This implementation will use about 12 thousand network traffic, which may not be so good, but it saves a lot of bandwidth.

My question now is whether someone has an idea of what the AccountManagement object does that makes it use so much bandwidth.

THANKS!

+4
1 answer

I would suggest that the following lines will do a lot to save bandwidth:

    _search.PropertiesToLoad.Clear();
    _search.PropertiesToLoad.Add("memberOf");
    _search.Filter = String.Format("(&(objectCategory=computer)(name={0}))", accountName);

The first two tell DirectorySearcher to load only one property, rather than who knows how many, of arbitrary size.

The second passes the filter to DirectorySearcher, which I think is probably processed server-side, which further limits the size of your result set.

+2
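
An added example, not part of the original question or answer: the same membership check pushed entirely into the server-side filter, so that at most one entry with a single small attribute comes back. It assumes the group's full distinguished name is known (`groupDn` is a hypothetical parameter), and the names `LdapMembership`, `EscapeFilterValue` and `IsComputerInGroup` are illustrative. Both values are escaped per RFC 4515 so that a crafted account name cannot change the filter's meaning.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example; class, method and parameter names are illustrative.
public static class LdapMembership
{
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // \ * ( ) and NUL become a backslash followed by two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // groupDn is assumed to be the group's full DN, for example
    // "CN=Kiosks,OU=Groups,DC=example,DC=com" (constructed value).
    // memberOf holds direct memberships only: nested groups and the
    // primary group are not matched by this filter.
    public static bool IsComputerInGroup(string domainController, string user,
        string password, string accountName, string groupDn)
    {
        using (var root = new DirectoryEntry("LDAP://" + domainController, user, password))
        using (var search = new DirectorySearcher(root))
        {
            // The server evaluates the whole filter, including the exact-DN
            // memberOf test, so the member list never crosses the wire.
            search.Filter = String.Format(
                "(&(objectCategory=computer)(name={0})(memberOf={1}))",
                EscapeFilterValue(accountName), EscapeFilterValue(groupDn));
            search.PropertiesToLoad.Add("distinguishedName"); // one small attribute only
            return search.FindOne() != null;
        }
    }
}
```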

Source: https://habr.com/ru/post/1344583/

