Microsoft small business knowledge base

Article ID: 951581 - Last Review: November 9, 2010 - Revision: 3.0


On a Windows Server 2003-based or Windows Server 2008-based computer that uses an Active Directory Lightweight Directory Services (AD LDS) or Active Directory Application Mode (AD/AM) directory service, certain applications do not perform at the performance levels that are expected.

When you enable field engineering (debug) logging to trace an LDAP query, the following event log shows that the LDAP query is an inefficient query:

Event ID : 1644
Category : Field Engineering
Source : NTDS General
Type : Information
Machine : ComputerName
Message : Internal event: A client issued a search operation with the following options.

Starting node: DC=contoso,DC=com
Filter: (&(objectcategory=user)(gidnumber=29831))
Search scope: subtree Attribute selection: …
Server controls:
Visited entries: 31950
Returned entries: 1

Note The attributes that are used in this event are only examples.

Additionally, you experience a slow response time.

When you inspect the attributes in the search filter, you find that they all have indexes that are defined. Additionally, if attributes do not have indexes that are defined, and you add the indexes through a schema change, the problem persists.


When you create a network trace of the LDAP query, you notice that it is a paged query.

However, the LDAP server can only use one index to process a paged query. This is because LDAP does not have a transaction to end a query, and the implementation for paged searches does not create an expensive context for the query.


To work around this problem, you can send the query without using the paged query control. By default, paged queries are always enabled for some LDAP client libraries. Therefore, you may have to write additional code in your application to enable and disable paged queries as appropriate for your specific situation.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


For more information, click the following article number to view the article in the Microsoft Knowledge Base:
314980  ( ) How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server

  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Windows Server 2008 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
kbexpertiseinter kbtshoot kbprb KB951581
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support