Article ID: 310048
Article Last Modified on 10/12/2005
APPLIES TO
- Microsoft Active Directory Service Interfaces 2.5
This article was previously published under Q310048
SYMPTOMS
If you call the IADs::GetInfoEx function, unnecessary network traffic may be generated because of how the client-side cache for Active Directory Services Interface (ADSI) is updated.
This problem may adversely affect the performance of IIS servers. For every empty property that is requested using a IADs::Get call, the function also performs an implicit GetInfo request to the LDAP directory service requesting all available attributes. Each time that an empty property is requested, you may experience up to 4 seconds of delay when using Network Monitor to capture network traffic between the client computer and the directory server.
CAUSE
This problem is caused by the manner in which the ADSI cache tracks GetInfoEx and GetInfo requests. The cache is supposed to detect that a GetInfoEx request for a specific property has already been performed and that it was not successful. That way, when a query is performed for that property again, ADSI will not generate redundant network traffic.
When an empty property is requested by means of IADs::GetInfoEx to refresh the cache, and is followed immediately by IADs::Get requesting the property, the client-side ADSI LDAP provider makes an implicit GetInfo request and retrieves all of the available properties for that object. The cache does not detect that an unsuccessful request for that specific property has already been made.
MORE INFORMATION
Steps to Reproduce the Behavior
The following script may reproduce this problem:
on error resume next dim oUsr ' ' Bind to the user object ' set oUsr = GetObject("LDAP://cn=Fred Jones,ou=marketing,dc=br549,dc=test,dc=microsoft,dc=com") WScript.Echo "Start: " & now() ' ' Requesting a property that is known to exist with ' a property that is known not to exist... ' oUsr.GetInfoEx ARRAY("CN","department"), 0 WScript.Echo "GetInfoEx: " & now() ' ' Requesting the property that you know does not exist, ' Trace indicates a full GetInfo request is issued ' for all the data... ' dep = oUsr.Get("department") if ( err.number <> 0 ) then WScript.Echo "Get: ERROR: "& hex(err.number)& "Time: " & now() err.clear end if
In summary, the pre-hotfix traces indicate an extra LDAP search-request/search-response pair including all properties for the object. The LDAP portion of these frames are represented as follows:
LDAP: ProtocolOp: SearchRequest (3) LDAP: MessageID LDAP: ProtocolOp = SearchRequest LDAP: Base Object = cn=Test User1,cn=Users,dc=cpr000,dc=company,dc=com LDAP: Scope = Base Object LDAP: Deref Aliases = Never Deref Aliases LDAP: Size Limit = 0x00002710 LDAP: Time Limit = No Limit LDAP: Attrs Only = 0 (0x0) LDAP: Filter Type = Present LDAP: Attribute Type = objectClass LDAP: Attribute Value = 0
The search response follows.
NOTE: Network Monitor does not parse LDAP transactions that extend beyond the original frame as LDAP; it interprets them as TCP. The following is actually two frames in Network Monitor.
LDAP: ProtocolOp: SearchResponse (4) LDAP: MessageID LDAP: ProtocolOp = SearchResponse LDAP: Object Name = cn=Test User1,cn=Users,dc=cpr000,dc=company,dc=com + LDAP: Attribute Type = accountExpires + LDAP: Attribute Type = badPasswordTime + LDAP: Attribute Type = badPwdCount + LDAP: Attribute Type = codePage + LDAP: Attribute Type = cn + LDAP: Attribute Type = countryCode + LDAP: Attribute Type = displayName + LDAP: Attribute Type = givenName + LDAP: Attribute Type = instanceType + LDAP: Attribute Type = lastLogoff + LDAP: Attribute Type = lastLogon + LDAP: Attribute Type = logonCount + LDAP: Attribute Type = nTSecurityDescriptor + LDAP: Attribute Type = distinguishedName + LDAP: Attribute Type = objectCategory + LDAP: Attribute Type = objectClass + LDAP: Attribute Type = objectGUID + LDAP: Attribute Type = objectSid + LDAP: Attribute Type = primaryGroupID + LDAP: Attribute Type = pwdLastSet + LDAP: Attribute Type = name + LDAP: Attribute Type = sAMAccountName + LDAP: Attribute Type = sAMAccountType + LDAP: Attribute Type = sn + LDAP: Attribute Type = userAccountControl + LDAP: Attribute Type = userPrincipalName + LDAP: Attribute Type = uSNChanged + LDAP: Attribute Type = uSNCreated + LDAP: Attribute Type = whenChanged + LDAP: Attribute Type = whenCreated LDAP: MessageID LDAP: ProtocolOp = SearchResponse (simple) LDAP: Result Code = Success
RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows 2000 service pack that contains this hotfix.
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
Date Time Size File name -------------------------------------------------- 26-NOV-2001 17:50 123,664 adsldp.dll 26-NOV-2001 17:50 130,320 adsldpc.dll 26-NOV-2001 17:50 62,736 adsmsext.dll 26-NOV-2001 17:50 356,112 advapi32.dll 26-NOV-2001 17:50 82,704 cmnquery.dll 26-NOV-2001 17:50 133,904 dnsapi.dll 26-NOV-2001 17:50 91,408 dnsrslvr.dll 26-NOV-2001 17:50 41,744 dsfolder.dll 26-NOV-2001 17:50 156,944 dsquery.dll 26-NOV-2001 17:50 110,352 dsuiext.dll 08-OCT-2001 14:54 88,336 hotfix.exe 26-NOV-2001 18:01 27,773 hotfix.inf 28-NOV-2001 18:57 1,804 hotfix.txt 26-NOV-2001 17:52 521,488 instlsa5.dll 26-NOV-2001 17:50 145,680 kdcsvc.dll 26-NOV-2001 16:33 199,440 kerberos.dll 04-SEP-2001 08:32 71,024 ksecdd.sys 26-NOV-2001 16:51 503,568 lsasrv.dll 26-NOV-2001 16:52 33,552 lsass.exe 26-NOV-2001 16:32 107,280 msv1_0.dll 26-NOV-2001 17:50 306,960 netapi32.dll 26-NOV-2001 17:50 358,672 netlogon.dll 26-NOV-2001 17:50 913,168 ntdsa.dll 26-NOV-2001 18:09 4,308,288 Q310048_W2K_SP3_X86_EN.exe 26-NOV-2001 17:50 387,856 samsrv.dll 26-NOV-2001 17:50 128,784 scecli.dll 26-NOV-2001 17:50 299,792 scesrv.dll 26-NOV-2001 17:58 2,840,453 sp3.cat 30-MAY-2001 00:03 3,584 spmsg.dll 26-NOV-2001 17:50 48,400 w32time.dll 06-NOV-2001 11:43 56,592 w32tm.exe 26-NOV-2001 17:50 125,712 wldap32.dll 29-NOV-2001 14:14 <DIR> 56bit 26-NOV-2001 16:51 503,568 lsasrv.dll
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
265173 The Datacenter Program and Windows 2000 Datacenter Server Product
For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:
296861 Use QChain.exe to Install Multiple Hotfixes with Only One Reboot
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes
Keywords: kbbug kbfix kbwin2000presp3fix kbqfe kbwin2000sp3fix kbdirservices kbdswadsi2003swept kbhotfixserver KB310048