Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1476
Views
0
Helpful
2
Replies

Jabber and Indexing in AD

Go to solution
kelvin.j.owen
Level 1
Level 1

‎01-03-2013 01:58 AM - edited ‎03-17-2019 02:54 PM

I'm setting up Jabber for Windows, iPhone and iPod and the Cisco documentation refers to indexing certain attributes in Active Directory, e.g.

Index these Active Directory attributes:

• sAMAccountName

• displayName

• mail

• msRTCSIP-PrimaryUserAddress

In addition, index any attributes that are used for contact resolution. For example, you might need to index

these attributes:

• telephoneNumber

• Any other directory phone number attributes that are used to find contacts, depending on the value of

the DisableSecondaryNumberLookups key

• ipPhone

Our AD team advise me that sAMAccountName, displayName and mail are laready indexed, but indexing the other fields would require a schema change (which thay won't do without very good reason) and will have a performance overhead.

I'm wondering of anyone can give some details from a Jabber perspective of not indexing the other attributes ? Is indexing a 'nice to have' or a 'must do' ?

Regards

Kelvin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎01-03-2013 02:39 AM

Hi Kelvin

Basically if an attribute is not indexed then it isn't optimised as a field for searching. That's why sAMAccountName for example is indexed by default, as every single logon or search for a username will use that index.

Adding indexed fields increases the size of the AD database, but the trade off is that searhes based on those numbers are faster and incur less processing overhead on the DCs.

Jabber et al do reverse lookups on numbers for every call that is received, so if those number fields are not indexed there will be an overhead on the DCs, and searches may time out or be returned slowly to the client.

There's some more info here:

http://blogs.technet.com/b/ad/archive/2008/04/01/how-to-create-a-mosiac-of-user-thumbnails-in-aduc-dsa-msc.aspx

The bottom line is that yes, it is a 'schema change' but it is reversible (you can just untick the 'index' option any time) - not like actual attribute/class additions. Given that the Jabber clients will make heavy use of searches on those attributes it is typically a sensible change... That said, it's up to your AD guys to manage their performance however they see fit. If they want to ignore vendor's advice because they know their environment better and monitor/manage their performance already, then that's fine. They may have so many DCs of such a high spec that performance will never be an issue :-)

Regards

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎01-03-2013 02:39 AM

Hi Kelvin

Basically if an attribute is not indexed then it isn't optimised as a field for searching. That's why sAMAccountName for example is indexed by default, as every single logon or search for a username will use that index.

Adding indexed fields increases the size of the AD database, but the trade off is that searhes based on those numbers are faster and incur less processing overhead on the DCs.

Jabber et al do reverse lookups on numbers for every call that is received, so if those number fields are not indexed there will be an overhead on the DCs, and searches may time out or be returned slowly to the client.

There's some more info here:

http://blogs.technet.com/b/ad/archive/2008/04/01/how-to-create-a-mosiac-of-user-thumbnails-in-aduc-dsa-msc.aspx

The bottom line is that yes, it is a 'schema change' but it is reversible (you can just untick the 'index' option any time) - not like actual attribute/class additions. Given that the Jabber clients will make heavy use of searches on those attributes it is typically a sensible change... That said, it's up to your AD guys to manage their performance however they see fit. If they want to ignore vendor's advice because they know their environment better and monitor/manage their performance already, then that's fine. They may have so many DCs of such a high spec that performance will never be an issue :-)

Regards

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
kelvin.j.owen
Level 1
Level 1
In response to Aaron Harrison

‎01-21-2013 07:24 AM

Thanks Aaron

Useful info to pass back to our AD guys

Regards

Kelvin

0 Helpful
Customers Also Viewed These Support Documents