tags:

views:

249

answers:

4
Q: 

What is the most efficient way to load a user's DirectoryEntry?

I have the following code that loads a user's Active Directory DirectoryEntry object from the user's SID:

public static DirectoryEntry GetUserDirectoryEntry(SecurityIdentifier sid)
{
    return new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid.Value));
}

Is there a more efficient way to do this? I'm having to optimize my code because of performance issues, and I need to squeeze down to the absolute fastest code that I can. It doesn't necessarily have to load from an SID. I just need to know the most efficient way to get the users DirectoryEntry.

EDIT: I'm restricted to using .Net 2.0.

+1  A: 

You should try defining more filters and specifying user as the type in your criteria.

Eran Betzalel  2009-09-04 19:13:06
I'm not doing a search. Are you saying it would be more efficient to use a directory searcher class?
Max Schmeling  2009-09-04 19:20:26
By search I meant you are using LDAP query (searching the AD). Every LDAP query you run, count as a search.
Eran Betzalel  2009-09-04 19:41:45
+2  A: 

Directory operations are fairly slow regardless of the means you use to access objects in the directory. Without more context it is difficult to recommend a more efficient approach, but in general, have you considered grabbing sets of users at once, multithreading, and caching to design around the issue?

Also, I cannot say which is more efficient, but have you tried the new System.DirectoryServices.AccountManagement namespace in .NET 3.5? If anyone should have optimized this, it would be Microsoft, but I think we have all been let down before.

Jerry Bullard  2009-09-04 19:20:21
I edited the question to add that I'm restricted to using .Net 2.0. Also, I only need to pull one user at a time.
Max Schmeling  2009-09-04 19:25:17
+1  A: 

I don't think it makes a big difference how you load your DirectoryEntry - whether by SID or by fully-qualified DN - it just takes a set amount of time for the AD bind operation to work

That bind actually doesn't happen when you instantiate your DirectoryEntry - it's delayed until you start using properties on your DirectoryEntry, or access the .NativeObject property.

So no matter which way you do it - creating your DirectoryEntry based on some uniquely identifying value will just take its time.

Marc

marc_s  2009-09-04 20:41:40
+1  A: 

What about the System.DirectoryServices.Protocols namespace. It doesn't have the overhead of using ADSI and ought to be a lot faster. It looks a bit unwieldy at the start but once you get used to it, it's no so bad. Plus you can do proper asynchronous searches.

Have a look at:

serialhobbyist  2009-11-02 18:50:20

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?