DirectorySearcher FindOne() delay on initial execution

南方客 2021-01-12 23:13

I'm seeing an initial delay of 2-5 seconds between the time that I execute DirectorySearcher FindOne() and the first network packet I see go out to the LDAP server. After

1 answer
  • 2021-01-12 23:56

    According to the LDAP ADsPath MSDN article, you should specify the ServerBind flag if your binding LDAP path points to a server to avoid unnecessary network traffic. It also recommends giving the full DNS name of the server. In addition, the ReadonlyServer flag is meaningless when pointing to a server. So my first suggestion is to replace the ReadonlyServer flag with ServerBind (and preferably give the full DNS name), or remove the server part of the string (in your example, make it LDAP://ou=lab,dc=ourdomain,dc=com or LDAP://ourdomain.com/ou=lab,dc=ourdomain,dc=com).

    The other thing to look at is that you're providing the username by distinguished name. If you look at the core API that DirectoryEntry uses, IADsOpenDSObject::OpenDSObject, it requires that the lpReserved flag [the AuthenticationTypes parameter in DirectoryEntry] is zero [None] or includes the ADS_USE_SSL [SecureSocketsLayer] flag when passing a distinguished name for the username. Note that Active Directory requires that a certificate server is installed before you can use the SecureSocketsLayer flag. You might want to pass the username in a different format.

    Finally, this MSDN page says that without any authentication flags, the username and password are sent in cleartext. You should add the Secure flag.

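The flag advice in the answer above, written out as an added C# example (not code from the question or the answer): `Review` reports each problem the answer names for a given bind configuration, and `Main` performs a bind that passes the review and times `FindOne()`. The server name `dc01.ourdomain.com`, the account `labuser@ourdomain.com` and the environment variable `LDAP_BIND_PASSWORD` are placeholders assumed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.DirectoryServices;

static class LdapBindReview
{
    // Flags each problem the answer describes for one bind configuration.
    static List<string> Review(bool pathNamesServer, string username, AuthenticationTypes flags)
    {
        var issues = new List<string>();
        bool ssl = flags.HasFlag(AuthenticationTypes.SecureSocketsLayer);
        bool userIsDn = username.Contains("=") && username.Contains(",");

        if (pathNamesServer && !flags.HasFlag(AuthenticationTypes.ServerBind))
            issues.Add("path names a server but ServerBind is not set");
        if (pathNamesServer && flags.HasFlag(AuthenticationTypes.ReadonlyServer))
            issues.Add("ReadonlyServer has no effect when the path names a server");
        if (userIsDn && flags != AuthenticationTypes.None && !ssl)
            issues.Add("distinguished-name username needs flags None or SecureSocketsLayer");
        if (!flags.HasFlag(AuthenticationTypes.Secure) && !ssl)
            issues.Add("no Secure flag: username and password go out in cleartext");
        return issues;
    }

    static void Main()
    {
        // Assumed values: server FQDN, account and environment variable are placeholders.
        const string path = "LDAP://dc01.ourdomain.com/ou=lab,dc=ourdomain,dc=com";
        const string user = "labuser@ourdomain.com";   // UPN form instead of a DN
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        var flags = AuthenticationTypes.ServerBind | AuthenticationTypes.Secure;

        foreach (string issue in Review(true, user, flags))
            Console.WriteLine("WARN: " + issue);

        using (var root = new DirectoryEntry(path, user, password, flags))
        using (var searcher = new DirectorySearcher(root, "(objectClass=organizationalUnit)"))
        {
            var timer = Stopwatch.StartNew();
            SearchResult first = searcher.FindOne();   // first use of the entry, so bind time is included
            timer.Stop();
            Console.WriteLine("FindOne: {0} ms, found: {1}",
                timer.ElapsedMilliseconds, first?.Path ?? "(none)");
        }
    }
}
```

Calling `Review` with a distinguished-name username and `AuthenticationTypes.ReadonlyServer` against a server path reports all four issues, which is a quick way to compare a current configuration with the corrected one.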