I have the following code that loads a user's Active Directory DirectoryEntry object from the user's SID:
我有以下代码从用户的SID加载用户的Active Directory DirectoryEntry对象:
public static DirectoryEntry GetUserDirectoryEntry(SecurityIdentifier sid)
{
return new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid.Value));
}
Is there a more efficient way to do this? I'm having to optimize my code because of performance issues, and I need to squeeze down to the absolute fastest code that I can. It doesn't necessarily have to load from an SID. I just need to know the most efficient way to get the users DirectoryEntry.
有没有更有效的方法来做到这一点?由于性能问题,我不得不优化我的代码,我需要尽可能地压缩到绝对最快的代码。它不一定要从SID加载。我只需要知道获取用户DirectoryEntry的最有效方法。
EDIT: I'm restricted to using .Net 2.0.
编辑:我只能使用.Net 2.0。
4 个解决方案
#1
1
I don't think it makes a big difference how you load your DirectoryEntry - whether by SID or by fully-qualified DN - it just takes a set amount of time for the AD bind operation to work
我不认为加载DirectoryEntry的方式有很大不同 - 无论是通过SID还是通过完全限定的DN - 只需花费一定的时间让AD绑定操作正常工作
That bind actually doesn't happen when you instantiate your DirectoryEntry - it's delayed until you start using properties on your DirectoryEntry, or access the .NativeObject
property.
当您实例化DirectoryEntry时,实际上不会发生绑定 - 它会延迟,直到您开始使用DirectoryEntry上的属性或访问.NativeObject属性。
So no matter which way you do it - creating your DirectoryEntry based on some uniquely identifying value will just take its time.
因此,无论您采用哪种方式 - 基于某些唯一标识值创建DirectoryEntry只需要花费时间。
Marc
渣子
#2
2
Directory operations are fairly slow regardless of the means you use to access objects in the directory. Without more context it is difficult to recommend a more efficient approach, but in general, have you considered grabbing sets of users at once, multithreading, and caching to design around the issue?
无论您使用何种方式访问目录中的对象,目录操作都相当慢。如果没有更多的上下文,很难推荐一种更有效的方法,但总的来说,您是否考虑过一次抓取多组用户,多线程和缓存来围绕这个问题进行设计?
Also, I cannot say which is more efficient, but have you tried the new System.DirectoryServices.AccountManagement namespace in .NET 3.5? If anyone should have optimized this, it would be Microsoft, but I think we have all been let down before.
另外,我不能说哪个更有效,但是你在.NET 3.5中尝试过新的System.DirectoryServices.AccountManagement命名空间吗?如果有人应该对此进行优化,那将是微软,但我认为我们之前都已经失望了。
#3
1
You should try defining more filters and specifying user as the type in your criteria.
您应该尝试定义更多过滤器并将用户指定为条件中的类型。
#4
1
What about the System.DirectoryServices.Protocols namespace. It doesn't have the overhead of using ADSI and ought to be a lot faster. It looks a bit unwieldy at the start but once you get used to it, it's no so bad. Plus you can do proper asynchronous searches.
那么System.DirectoryServices.Protocols命名空间呢?它没有使用ADSI的开销,应该更快。它在开始时看起来有点笨拙,但是一旦你习惯它,它就没那么糟糕了。另外,您可以进行适当的异步搜索。
Have a look at:
看一下:
- Introduction to System.DirectoryServices.Protocols (S.DS.P)
- System.DirectoryServices.Protocols简介(S.DS.P)
- S.DS and large data sets
- S.DS和大数据集
- PAGING IN SYSTEM.DIRECTORYSERVICES.PROTOCOLS
- 在SYSTEM.DIRECTORYSERVICES.PROTOCOLS中分页
- PAGED ASYNCHRONOUS LDAP SEARCHES REVISITED
- PAGED异步LDAP搜索已被重新审核
#1
1
I don't think it makes a big difference how you load your DirectoryEntry - whether by SID or by fully-qualified DN - it just takes a set amount of time for the AD bind operation to work
我不认为加载DirectoryEntry的方式有很大不同 - 无论是通过SID还是通过完全限定的DN - 只需花费一定的时间让AD绑定操作正常工作
That bind actually doesn't happen when you instantiate your DirectoryEntry - it's delayed until you start using properties on your DirectoryEntry, or access the .NativeObject
property.
当您实例化DirectoryEntry时,实际上不会发生绑定 - 它会延迟,直到您开始使用DirectoryEntry上的属性或访问.NativeObject属性。
So no matter which way you do it - creating your DirectoryEntry based on some uniquely identifying value will just take its time.
因此,无论您采用哪种方式 - 基于某些唯一标识值创建DirectoryEntry只需要花费时间。
Marc
渣子
#2
2
Directory operations are fairly slow regardless of the means you use to access objects in the directory. Without more context it is difficult to recommend a more efficient approach, but in general, have you considered grabbing sets of users at once, multithreading, and caching to design around the issue?
无论您使用何种方式访问目录中的对象,目录操作都相当慢。如果没有更多的上下文,很难推荐一种更有效的方法,但总的来说,您是否考虑过一次抓取多组用户,多线程和缓存来围绕这个问题进行设计?
Also, I cannot say which is more efficient, but have you tried the new System.DirectoryServices.AccountManagement namespace in .NET 3.5? If anyone should have optimized this, it would be Microsoft, but I think we have all been let down before.
另外,我不能说哪个更有效,但是你在.NET 3.5中尝试过新的System.DirectoryServices.AccountManagement命名空间吗?如果有人应该对此进行优化,那将是微软,但我认为我们之前都已经失望了。
#3
1
You should try defining more filters and specifying user as the type in your criteria.
您应该尝试定义更多过滤器并将用户指定为条件中的类型。
#4
1
What about the System.DirectoryServices.Protocols namespace. It doesn't have the overhead of using ADSI and ought to be a lot faster. It looks a bit unwieldy at the start but once you get used to it, it's no so bad. Plus you can do proper asynchronous searches.
那么System.DirectoryServices.Protocols命名空间呢?它没有使用ADSI的开销,应该更快。它在开始时看起来有点笨拙,但是一旦你习惯它,它就没那么糟糕了。另外,您可以进行适当的异步搜索。
Have a look at:
看一下:
- Introduction to System.DirectoryServices.Protocols (S.DS.P)
- System.DirectoryServices.Protocols简介(S.DS.P)
- S.DS and large data sets
- S.DS和大数据集
- PAGING IN SYSTEM.DIRECTORYSERVICES.PROTOCOLS
- 在SYSTEM.DIRECTORYSERVICES.PROTOCOLS中分页
- PAGED ASYNCHRONOUS LDAP SEARCHES REVISITED
- PAGED异步LDAP搜索已被重新审核