ADAM : Performances differences between AD and ADAM

Discussion in 'Active Directory' started by Eoin Mooney, Dec 17, 2003.

  1. Eoin Mooney

    Eoin Mooney Guest

    Hi ,

    I was wondering if there is a performance difference
    between ADAM and AD.

    More specifically, is reading/writing/searching ADAM
    slower than the same operations in AD?

    Regards
    Eoin
     
    Eoin Mooney, Dec 17, 2003
    #1
    1. Advertisements

  2. Depending upon the operation, ADAM is as fast or faster than AD. THe only
    exception that I can think of off of the top of my head would be bind
    redirection, and that is just because doing a bind redirect has a TTL hit
    when we redirect over to the AD environment (just takes some time to get to
    a DC potentially).

    The bulk of the code is AD code, just with stuff 'removed' that doesn't
    apply to ADAM.

    ~Eric
     
    Eric Fleischman [MSFT], Dec 17, 2003
    #2
    1. Advertisements

  3. Eoin Mooney

    Eoin Mooney Guest

    Thanks for the reply Eric , since then we have found the
    following , It may be confiuration and our lack of
    understanding so apologies if this is a stupid question

    Details

    Our win 2003 Ent Server with ADAM and our product on it
    NOT in a domain - stand-alone.

    Access the server via browser , good response when
    performing operations [read ADAM, etc ]


    Our Win 2003 Ent Server with ADAM and our product IN a Win
    2000 Domain.

    Access the server via browser , good response generally
    but when reading ADAM [ several times for one action] the
    delay causes an ASP timout, increase the timeout and the
    data is returned eventaully

    [ 3 seconds when not in a domain , 1 min 5 seconds when in
    a domain on the same operation]

    When we add the server to the domain we get the following
    message in the ADAM event log

    The directory server has failed to update the ADAM
    serviceConnectionPoint object in the Active Directory.
    This operation will be retried.

    Additional Data
    SCP object DN:
    []
    Error value:
    58 The specified server cannot perform the requested
    operation.
    Server error:
    (n/a)
    Internal ID:
    3390067
    ADAM service account:
    NT AUTHORITY\NETWORK SERVICE

    User Action
    If ADAM is running under a local service account, it will
    be unable to update the data in the Active Directory.
    Consider changing the ADAM service account to either
    NetworkService or a domain account.

    If ADAM is running under a domain user account, make sure
    this account has sufficient rights to update the
    serviceConnectionPoint object.

    ServiceConnectionPoint object publication can be disabled
    for this instance by setting msDS-DisableForInstances
    attribute on the SCP publication configuration object.


    Our ADAM instance is ruinning as the Network account and
    we have Administrators group as part of the Admin group in
    configuration .

    What are we doing wrong here ?


    When we remove the server from the domain , every
    operation works fine [speed wise]

    We also get the messages

    The directory server has detected that the host name
    and/or ports have been changed.
    If this is the only directory server in the configuration
    set, then this information will
    be updated in the local database. Otherwise, this
    information will be updated on a remote
    directory server. This message will repeat until this
    change is replicated to the local directory server.

    Additional Data
    Old DNS host name: swcadam2.APPTEST.NORTELNETWORKS.COM
    Current DNS host name: swcadam2
    Old NetBIOS name: SWCADAM2
    Current NetBIOS name: SWCADAM2
    Old LDAP port: 389
    Current LDAP port: 389
    Old SSL port: 636
    Current SSL port: 636

    For more information, see Help and Support Center at


    The directory server has detected that the service account
    used to run this service has been changed.
    The directory server has updated the internal structures
    accordingly.

    This directory server may be unable to replicate in
    changes from other instances,
    until the service account change is replicated around.

    User Action
    If mutual authentication is required for replication in
    this configuration set,
    then it may be necessary to unregister the SPNs from the
    old service account,
    and register the SPNs for the new service account.

    We do not require replication .


    Thanks for any assistance on this one

    Regards

    Eoin
     
    Eoin Mooney, Dec 18, 2003
    #3
  4. Well if the SCP error is a problem, you can disable scp registration. But
    that most likely won't cause performance issues by any means.
    Can you show us the query that has the performance difference?

    ~Eric


    --
    Eric Fleischman [MSFT]
    This posting is provided "AS IS" with no warranties, and confers no rights
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm


     
    Eric Fleischman [MSFT], Dec 18, 2003
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.