On a Windows Server 2003-based or Windows Server 2008-based computer that uses an Active
Directory Lightweight Directory Services (AD LDS) or Active Directory
Application Mode (AD/AM) directory service, certain applications do not perform at the performance
levels that are expected.
When you enable field engineering (debug) logging to trace an
LDAP query, the following event log shows that the LDAP query is an inefficient
Event ID : 1644 Note
Source : NTDS General
Type : Information
Machine : ComputerName
Message : Internal
event: A client issued a search operation with the following options.
Starting node: DC=contoso,DC=com
subtree Attribute selection: …
Returned entries: 1
The attributes that
used in this event are only examples.
Additionally, you experience
When you inspect the attributes in the search filter,
you find that they all have indexes that are defined. Additionally,
attributes do not have indexes that are defined, and you add the indexes through a schema
change, the problem persists.
When you create a network trace of the LDAP query, you
notice that it
is a paged query.
the LDAP server can only use one index to process a
paged query. This is because
LDAP does not have a transaction to end a query, and
the implementation for
paged searches does not create an expensive context for the
To work around this problem, you
can send the query without
using the paged query control. By
paged queries are always
enabled for some LDAP client libraries. Therefore,
to write additional code in your application to enable and disable paged
queries as appropriate for
your specific situation.
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
to configure Active Directory diagnostic event logging in Windows Server 2003
and in Windows 2000 Server