DEVHIDE
Login Or Sign up

Performance: DirectorySearcher vs PrincipalSearcher vs...?

1.4k Views Asked by At

I'm not that experienced with C# but I am comfortable writing it.

I was doing some basic ActiveDirectory lookups using both System.DirectoryServices.DirectorySearcher and System.DirectoryServices.AccountManagement.PrincipalSearcher. The exercise I was trying was getting the groups within a given group recursively, i.e:

static void Main(){
      DirectorySearcher ds = new DirectorySearcher(
         new DirectoryEntry("LDAP://region.company.com"));
      ds.Filter = "(&(objectCategory=group)(cn=" + myGroupName + "))";
      ds.PropertiesToLoad.Add("member");
      ds.PropertiesToLoad.Add("distinguishedname");
      SearchResult r = ds.FindOne();
      getNestedGroups(ref ds, r.Properties["member"]);
}

private void getNestedGroups(ref DirectorySearcher ds, ResultPropertyValueCollection member){
    foreach (string s in member) {
        ds.Filter = "(&(objectCategory=group)(distinguishedname=" + s + "))";
        SearchResult r = ds.FindOne();//if we find something, s is a group, so go inside it
        if (r != null) {
            Console.WriteLine(r.GetDirectoryEntry().Properties["distinguishedname"].ToString());
            getNestedGroups(ref ds, r.Properties["member"]);
        }

    }
}

The example I'm using is a group with a total of about 6 nested groups (3 deep) and I realise that the code is poring over maybe 150 'members' that are not groups.. thats the nature of the 'members' property, but this is unbearably slow.. Takes about 20 secs. This is significantly slower than doing the same thing with ADO in VBA or VBScript (~1 second)

I realise there might be a far better LDAP query, but I want to know how deep each group is nested.

I also tried the equivalent using PrincipalSearcher but the performance is just as terrible.

I even tried determining a DomainController at runtime and specifying it when connecting (rather than the serverless connection in my example) but again, the performance was the same. I also realise that I don't specify a search root or anything like that, but I'm giving it exactly the same information that I would give ADO. I've also experimented with PageSize and CacheResults etc to no avail...

I saw some exceptions from underlying COM objects.. are these libraries just layers on top of ancient COM DLLs? or am I doing something stupid?

c# .net performance active-directory directoryservices
Original Q&A
0

There are 0 best solutions below

Related Questions in C#

Related Questions in .NET

Related Questions in PERFORMANCE

Related Questions in ACTIVE-DIRECTORY

Related Questions in DIRECTORYSERVICES

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.