Query active directory groups is suddenly very slow
We have a single web page that queries active directory to identify the group(s) to which a user belongs. This page has worked fine for several years and suddenly today the page load time has gone from 1-2 seconds up to 15-20 seconds. I've traced the execution of this page and the slowdown is in the part that queries active directory.
To the best of my knowledge nothing has changed on either the domain controller nor the web server. The web server is Win2003 and the domain controller is Win2000. Site traffic is within normal patterns. All other applications on the web server are functioning normally (none use Active Directory though). Direct activities on the domain controller (adding a user for example) don't exhibit any delay in response time. Nothing in the event logs on either server that indicate a problem.
I'm looking for ANY suggestions where to look to resolve this problem. The page in question is the frontend portal for all of our web apps so a 20 second load time is unacceptable.
If it helps, the code where the slowdown occurs is as follows (this is classic ASP):
m_LogonUser = Request.ServerVariables("L
Set objUser = GetObject("WinNT://ourdoma
for each Group in objUser.Groups
nNextElement = cint(nLastElement) + 1
redim preserve sGroupArray(nNextElement)
sGroupArray(nNextElement) = Group.Name
next
To the best of my knowledge nothing has changed on either the domain controller nor the web server. The web server is Win2003 and the domain controller is Win2000. Site traffic is within normal patterns. All other applications on the web server are functioning normally (none use Active Directory though). Direct activities on the domain controller (adding a user for example) don't exhibit any delay in response time. Nothing in the event logs on either server that indicate a problem.
I'm looking for ANY suggestions where to look to resolve this problem. The page in question is the frontend portal for all of our web apps so a 20 second load time is unacceptable.
If it helps, the code where the slowdown occurs is as follows (this is classic ASP):
m_LogonUser = Request.ServerVariables("L
Set objUser = GetObject("WinNT://ourdoma
for each Group in objUser.Groups
nNextElement = cint(nLastElement) + 1
redim preserve sGroupArray(nNextElement)
sGroupArray(nNextElement) = Group.Name
next
MSE-dwells
Have you tried running that as a VBscript interactively when logged on to the web server, it may assist in isolating the cause (which has a good chance of being DNS since it nearly always is)?
ASKER
I'm a .Net programmer and have inherited this problem so maybe this is a dumb question but I have no idea how to go about running this code as an interactive VBscript. Can you assist with that?
ASKER
Okay, I copied this code into a .vbs file on my web server and executed it. It takes a long time to execute but how does that help me figure out what the problem is?
Hehe ... patience young hobbit ;0) Let's incorporate a couple of wscript.echo statements like this and determine where the slowness occurs -
m_LogonUser = Request.ServerVariables("L
wscript.echo "about to get a handle to the user - " & m_LogonUser
Set objUser = GetObject("WinNT://ourdoma
wscript.echo "got handle"
wscript.echo "about to enumerate groups"
for each Group in objUser.Groups
nNextElement = cint(nLastElement) + 1
redim preserve sGroupArray(nNextElement)
sGroupArray(nNextElement) = Group.Name
wscript.echo "got next group - " & sGroupArray(nNextElement)
next
m_LogonUser = Request.ServerVariables("L
wscript.echo "about to get a handle to the user - " & m_LogonUser
Set objUser = GetObject("WinNT://ourdoma
wscript.echo "got handle"
wscript.echo "about to enumerate groups"
for each Group in objUser.Groups
nNextElement = cint(nLastElement) + 1
redim preserve sGroupArray(nNextElement)
sGroupArray(nNextElement) = Group.Name
wscript.echo "got next group - " & sGroupArray(nNextElement)
next
Having just read your profile, I too find it interesting just how compelling attaining these meaningless ranks is ... I used to prefer being paid ;0)
ASKER
Appreciate the help MSE. I simplified the script for testing as follows:
wscript.echo "Starting"
Set obj = GetObject("WinNT://ourdoma
wscript.echo "Got User"
for each Group in obj
wscript.echo Group.Name
next
wscript.echo "Ending"
The output is:
Starting
[DELAY ABOUT 10 SECONDS]
Got User
[DELAY ABOUT 10 SECONDS]
Group1
Group2
...etc...
Ending
So once the first group is displayed there is no delayed. The delay is apparently in both the GetObject line and the "For each..." line.
I ran the same script on the domain controller and the response is near instantaneous - no delays at all.
wscript.echo "Starting"
Set obj = GetObject("WinNT://ourdoma
wscript.echo "Got User"
for each Group in obj
wscript.echo Group.Name
next
wscript.echo "Ending"
The output is:
Starting
[DELAY ABOUT 10 SECONDS]
Got User
[DELAY ABOUT 10 SECONDS]
Group1
Group2
...etc...
Ending
So once the first group is displayed there is no delayed. The delay is apparently in both the GetObject line and the "For each..." line.
I ran the same script on the domain controller and the response is near instantaneous - no delays at all.
ASKER
>>> I used to prefer being paid
With the market what it is, I'll take what I can get :-) Too bad the gas station won't accept EE points as payment!
With the market what it is, I'll take what I can get :-) Too bad the gas station won't accept EE points as payment!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was it exactly. Someone made a change to our internal DNS server...
Appreciate the help!
Appreciate the help!