Find slow LDAP queries
June 29, 2024 at 4:56 AM
Sometimes, Active Directory response times for specific LDAP queries are pretty high.
To find slow LDAP queries, you can set the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Diagnostics\15 Field Engineering to 5 on the machine hosting Active Directory.
To collect only queries that are above a defined threshold, you can set the registry keys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Expensive Search Results Threshold
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Inefficient Search Results Threshold
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Search Time Threshold

to a threshold measured in milliseconds.
After that, your Directory Services event log contains the 1644 events. You can download the Event 1644 Reader script from GitHub. It allows you to extract all collected events.
For more information, see this blog article from Microsoft.
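
The whole procedure as one elevated PowerShell session on a domain controller. This is an added example, not part of the original article and not the Event 1644 Reader script. The threshold numbers, the 10-minute collection window and the CSV file name are constructed sample values, and the time threshold is written under the value name Microsoft's documentation gives, Search Time Threshold (msecs).

```powershell
# Added example: enable event 1644 logging, collect, then restore the old level.
$diag   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$level  = '15 Field Engineering'

# Remember the current logging level so it can be put back afterwards.
$previous = (Get-ItemProperty -Path $diag -Name $level -ErrorAction SilentlyContinue).$level
if ($null -eq $previous) { $previous = 0 }

# Only searches that cross one of these thresholds are logged as event 1644.
# Sample values (constructed); tune them for the environment.
$thresholds = [ordered]@{
    'Expensive Search Results Threshold'   = 10000  # entries visited
    'Inefficient Search Results Threshold' = 1000   # entries visited
    'Search Time Threshold (msecs)'        = 100    # milliseconds
}
foreach ($name in $thresholds.Keys) {
    New-ItemProperty -Path $params -Name $name -PropertyType DWord `
        -Value $thresholds[$name] -Force | Out-Null
}

$start = Get-Date
try {
    Set-ItemProperty -Path $diag -Name $level -Value 5 -Type DWord
    Start-Sleep -Seconds 600   # collection window (constructed value)

    # Read only the 1644 events written during this window.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 1644
        StartTime = $start
    } -ErrorAction SilentlyContinue

    $events | Select-Object TimeCreated, Message |
        Export-Csv -Path .\ldap-1644.csv -NoTypeInformation
    "Collected $(@($events).Count) event(s) with ID 1644"
}
finally {
    # Level 5 is verbose; always restore the previous value.
    Set-ItemProperty -Path $diag -Name $level -Value $previous -Type DWord
}
```

The threshold values stay in place after the run; remove or reset them if they should not persist.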