
Creating More Effective Queries

Effective querying of Active Directory requires that you understand more about ADO searches. Table 13-1 lists the objects that are associated with searching Active Directory.

For ADO to talk with ADSI, two objects are required. The first object is the Connection object, and the second object is the RecordSet object. The Command object is used to maintain the connection, pass along the query parameters, and perform such tasks as specifying the page size and search scope and executing the query. The Connection object is used to load the provider and to validate the user's credentials. By default, it uses the credentials of the currently logged-on user. If you need to specify alternative credentials, you can use the properties listed in Table 13-2.

Table 13-2. Authentication properties for the Connection object

| Property | Description |
|---|---|
| User ID | A string that identifies the user whose security context is used when performing the search. (For more information about the format of the user name string, see IADsOpenDSObject::OpenDSObject in the Platform SDK.) If the value is not specified, the default is the logged-on user or the user impersonated by the calling process. |
| Password | A string that specifies the password of the user identified by "User ID." |
| Encrypt Password | A Boolean value that specifies whether the password is encrypted. The default is False. |
| ADSI Flag | A set of flags from the ADS_AUTHENTICATION_ENUM enumeration. The flag specifies the binding authentication options. The default is zero. |


A number of search options are available to the network administrator. The use of these search options will have a large impact on the performance of your queries against Active Directory. It is imperative, therefore, that you learn to use the following options. Obviously, not all options need to be specified in each situation. In fact, in many situations, the defaults will perform just fine. However, if a query is taking a long time to complete, or you seem to be flooding the network with unexpected traffic, you might want to examine the search properties in Table 13-3.

Table 13-3. ADO search properties

| Property | Description |
|---|---|
| Asynchronous | A Boolean value that specifies whether the search is synchronous or asynchronous. The default is False (synchronous). A synchronous search blocks until the server returns the entire result (or for a paged search, the entire page). An asynchronous search blocks until one row of the search results is available, or until the time specified by the Timeout property elapses. |
| Cache results | A Boolean value that specifies whether the result should be cached on the client side. The default is True; ADSI caches the result set. Turning off this option might be desirable for large result sets. |
| Chase referrals | A value from ADS_CHASE_REFERRALS_ENUM that specifies how the search chases referrals. The default is ADS_CHASE_REFERRALS_EXTERNAL. |
| Column Names Only | A Boolean value that indicates that the search should retrieve only the name of attributes to which values have been assigned. The default is False. |
| Deref Aliases | A Boolean value that specifies whether aliases of found objects are resolved. The default is False. |
| Page size | An integer value that turns on paging and specifies the maximum number of objects to return in a result set. The default is no page size. (For more information, see PageSize in the Platform SDK.) |
| SearchScope | A value from the ADS_SCOPEENUM enumeration that specifies the search scope. The default is ADS_SCOPE_SUBTREE. |
| Size Limit | An integer value that specifies the size limit for the search. For Active Directory, the size limit specifies the maximum number of returned objects. The server stops searching once the size limit is reached and returns the results accumulated up to that point. The default is no limit. |
| Sort on | A string that specifies a comma-separated list of attributes to use as sort keys. This property works only for directory servers that support the LDAP control for server-side sorting. Active Directory supports the sort control, but this control can have an impact on server performance, particularly when the result set is large. Be aware that Active Directory supports only a single sort key. The default is no sorting. |
| Time Limit | An integer value that specifies the time limit, in seconds, for the search. When the time limit is reached, the server stops searching and returns the results accumulated to that point. The default is no time limit. |
| Timeout | An integer value that specifies the client-side timeout value, in seconds. This value indicates the time the client waits for results from the server before quitting the search. The default is no timeout. |


Note that you should specify a page size. In Windows Server 2003, Active Directory is limited to returning 1,500 objects from the results of a query when no page size is specified. The Page Size property tells Active Directory how many objects to return at a time. When this property is specified, there is no limit on the number of returned objects Active Directory can provide. If you specify a size limit, the page size must be smaller.
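The following script is an added example, not code from the original text. It sets the Connection properties from Table 13-2 and several of the Command properties from Table 13-3 on one paged query. The search base dc=example,dc=com, the query itself, and the chosen values (page size 500, timeout 60 seconds) are assumptions for illustration.

```vbscript
Option Explicit

' Constants from the ADSI enumerations (values as defined in the Platform SDK).
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SECURE_AUTHENTICATION = 1

' Assumed placeholder: replace with the distinguished name of your own domain.
Const SEARCH_BASE = "LDAP://dc=example,dc=com"

Dim objConnection, objCommand, objRecordSet, strUser, intCount

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"

' Optional first argument: an alternative user name. With no argument the
' search runs as the logged-on user, which is the default behavior.
If WScript.Arguments.Count > 0 Then
    strUser = WScript.Arguments(0)
    objConnection.Properties("User ID") = strUser
    ' Read the password at run time instead of storing it in the script.
    WScript.StdOut.Write "Password for " & strUser & ": "
    objConnection.Properties("Password") = WScript.StdIn.ReadLine
    objConnection.Properties("Encrypt Password") = True
    objConnection.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
End If
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 500          ' turn on paging
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Timeout") = 60             ' client-side wait, in seconds
objCommand.Properties("Cache Results") = False    ' large result set, read once
objCommand.CommandText = "SELECT name FROM '" & SEARCH_BASE & _
    "' WHERE objectCategory='computer'"

Set objRecordSet = objCommand.Execute
intCount = 0
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("name").Value
    intCount = intCount + 1
    objRecordSet.MoveNext
Loop
WScript.Echo intCount & " objects returned"
objConnection.Close
```

Run the script with cscript.exe, because WScript.StdIn is not available under wscript.exe. The password typed at the prompt is echoed to the console.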

