web analytics
Sign In | Register
Welcome, Guest
1 2

How to Index an Attribute in Active Directory

 Options
Previous Topic Next Topic

codeling 1599 - 6654
@2016-12-30 23:52:49

Attributes on an object can be indexed to improve the performance of queries. When an attribute is indexed, the index applies to each object to which the attribute is associated. You cannot place an index on an attribute and have it apply to only one class of object. To specify the index for an attribute, you must modify the searchFlags property for the attribute in the schema.

The searchFlags property is part of the definition for a schema attribute and is composed of bit values. These bit values determine how an attribute is handled by Active Directory. The first three bits control how an attribute is indexed. By setting the first bit of the property to one, a database-wide index is created for the attribute. Setting the second bit to one creates an index on each container that holds an object that uses the attribute. This kind of index helps one-level searches, and Windows XP defines the supported sort orders for one-level VLV searches.

If the third bit is set, then the attribute is included in the filter expansion of ANR searches of the ANR attribute set only if the attribute is already normally indexed by setting the first bit to one. In the Windows Server 2003 family, if the sixth bit is set, then a substring index is created on the attribute, allowing efficient medial substring queries to be performed. Note that a substring index is significantly more expensive to create and maintain, so update speeds will be affected.

Ambiguous name resolution

Ambiguous name resolution (ANR) helps find a user object when a unique identifying value is not known. For example, if you know that the name of a person is Sam but are not sure whether Sam is a first name, last name, e-mail alias, or an abbreviation, you can use the filter, (anr=sam) to perform a search for every object where any of the attributes are part of the ANR index and begin with sam. Although ANR was designed for use with user objects, it can be used on any type of object. Therefore, you may need to indicate the class in the search as well. For example, use (&(objectClass=user)(anr=sam)).
@2016-12-30 23:55:08

Determine whether to add indices

Indexing attributes is useful when you search for objects that have the attribute name in a filter. Indexing can reduce the number of objects that must be visited when you evaluate the filter. However, this reduces the performance of write operations because the index must be updated when the corresponding attribute is modified or added. It also increases the size of the directory database. You can use logging to find the expensive and inefficient queries. Once you’ve identified them, you can index some attributes that are used in the corresponding queries to improve the search performance.
@2016-12-30 23:56:39

Determining when the index has changed

When the searchFlags property is modified, a background task starts to create the index. This task may take a while to complete depending on which attribute is indexed and how many objects are using the attribute. To be certain that the index has been created, look at the event log for the following message:

An index on the attribute <index ID> (index name) was successfully created.

When one of the bit values is set to zero to turn off the index, a background task is started for removing the index. To be certain that the index has been removed, look at the event log for the following message:

Deleted unneeded index <index name> (Internal ID <index ID>).
@2016-12-31 00:02:53

Effects of Indexing on Search Behavior

You can improve search behavior by indexing the attributes that are most likely to be searched. The searchFlags attribute of an attributeSchema object indicates whether the attribute is indexed and the nature of the indexing.

The searchFlags attribute is an integer value whose least significant bits indicate whether the attribute is indexed and in what way. Use the OR operator to combine the bit values to achieve the appropriate indexing behavior.

Values in the searchFlags attribute have the following effects:

  • 1 = Index over attribute only. Bit 0 must be set (0001). You can use the Active Directory Schema MMC snap-in to set this flag.
     
  • 2 = Index the attribute in each container (this value is used in conjunction with 1). Bit 0 and bit 1 must be set (0011). You can use Active Directory Schema to set this flag.
     
  • 4 = Add this attribute to the ANR set (this value is used in conjunction with 1). Bit 0 and bit 2 must be set (0101).
     
  • 8 = Preserve this attribute on logical deletion (that is, make this attribute available on tombstones). Bit 3 must be set (1000).
     
  • 16 = Copy the value for this attribute when the user object is copied. You can use this value to set up a user object template so that you can create multiple users by making copies of an original and providing values for only those attributes that are unique to each user. Bit 4 must be set (10000). For example, set this flag for attributes, such as company and department, that you want to copy, but do not set attributes that must be unique, such as objectSid and sAMAccountName.
     
  • 32 = Index this attribute for medial-string search (this value is used in conjunction with 1). Bit 5 and bit 0 must be set (100001). This indexing capability is provided on domain controllers running Windows Server 2003 when the schema has been updated for Windows Server 2003 functionality.
Previous Topic Next Topic
1 2

Comments
You must Sign In to comment on this topic.


© 2024 Digcode.com