Active Directory Accesses Test
Exchange 2007/2010 uses the Active Directory directory service site topology to determine how messages are transported in the organization.
Exchange 2007/2010 is a site-aware application. Site-aware applications can determine their own Active Directory site membership and the Active Directory site membership of other servers by querying Active Directory. In Exchange 2007/2010, the Microsoft Exchange Active Directory Topology service is responsible for updating the site attribute of the Exchange server object. When an Exchange server role has to determine the Active Directory site membership of another Exchange server role, it can query Active Directory to retrieve the site name.
The Mailbox server role uses Active Directory site membership information to determine which Hub Transport servers are located in the same Active Directory site as the Mailbox servers. The Mailbox server submits messages for routing and transport to a Hub Transport server that has the same Active Directory site membership as the Mailbox server. The Hub Transport server performs recipient resolution and queries Active Directory to match an e-mail address to a recipient account. The recipient account information includes the fully qualified domain name (FQDN) of the user’s Mailbox server. The FQDN is used to determine the Active Directory site of the user's Mailbox server. The Hub Transport server delivers the message to Mailbox server within its same Active Directory site, or it relays the message to another Hub Transport server for delivery to a Mailbox server that is outside the Active Directory site. If there are no Hub Transport servers in the same Active Directory site as a Mailbox server, mail cannot flow to that Mailbox server.
For processing all the Active Directory queries that are required for the aforesaid transactions, the Mailbox server role once again uses site membership to determine which domain controllers and global catalog servers to use. The Mailbox server role then binds to the identified directory servers whenever it needs to read from or write to Active Directory.
Any slowdown therefore, in the communication between the Mailbox server role and the marked global catalog servers / domain controllers can significantly delay the identification of the Hub Transport server that the Mailbox server needs to interact with; this in turn can cause delays in message delivery/processing. This test periodically monitors the network connection between the mailbox server role and each identified domain controller, so that communication bottlenecks are swiftly identified and resolved.
Target of the test : A server configured with the Mailbox server role
Agent deploying the test : An internal agent
Outputs of the test : One set of results for every domain controller used by the Mailbox server being monitored.
Parameters | Description |
---|---|
Test Period |
How often should the test be executed. |
Host |
Indicates the IP address of the Mailbox server. |
Port |
The port number of the Mailbox server. By default, this is 6001. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
LDAP read calls |
Indicates the number of Depth 0 read calls per second that were made by the mailbox server role to this domain controller. |
Calls/Sec |
|
LDAP search calls |
Indicates the number of LDAP Depth 1 or 2 search calls per second that were made by the mailbox server role to this domain controller. |
Calls/Sec |
|
LDAP searches timed out |
Indicates the number of LDAP searches that timed out during the last minute on this domain controller. |
Timeouts/min |
A high value could indicate any of the following:
To resolve this error, do one or more of the following:
|
LDAP fatal errors |
Indicates the number of LDAP errors that caused the Exchange Active Directory Provider to close the LDAP connection without marking the domain controller down during the last minute. |
Errors/Min |
Ideally, this value should be 0. |
LDAP disconnects |
Indicates the number of LDAP errors that caused Exchange Active Directory Provider to mark the domain controller down during the last minute. |
Disconnects/Min |
|
User search operations failed |
Indicates the number of Exchange Active Directory Provider client's searches that failed on this domain controller during the last minute. |
Failures/Min |
|
Bind failures |
Indicates the number of LDAP bind calls that failed during the last minute |
Failures/Min |
A large number of bind call failures is a cause for concern, as it can disrupt the execution of Active Directory queries. |
Long running LDAP operations |
Indicates the number of LDAP operations that the mailbox server performed on this domain controller that took longer than the specified threshold per minute. (Default threshold is 15 minutes.)
|
Operations/Min |
A high value generally indicates performance problems on the said domain controller(s) or network congestion. To resolve this, do one or more of the following:
|
LDAP pages retrieved |
Indicates the number of additional pages retrieved from this domain controller per second. |
Pages/sec |
|
Outstanding requests to Active Directory |
Indicates the number of currently pending LDAP operations to this domain controller. |
Number |
A high value of this measure or a steady increase in this value is indicative of the poor query processing capability of the domain controller, and would warrant further investigation. |
LDAP read time |
Indicates the average time (in ms) taken to send an LDAP read request to the specified domain controller and receive a response. |
Msecs |
A low value is desired for this measure. A high value or a value that increases consistently is indicative of a gradual slowdown in the domain controller. |
LDAP search time |
Indicates the average time (in ms) to send an LDAP search request and receive a response. |
Msecs |
High LDAP search latencies can be caused by high remote procedure call (RPC) latencies and by increasing queues. High LDAP search latencies generally indicate one of the following problems:
To reduce the time it takes for LDAP searches, do one or more of the following:
|