SAML query to Active Directory - LDAP performance challenges
In my environment, user authentication to a critical application happens through an ADFS SAML request. The SAML request in turn queries AD. Now we are getting authentication failures in the application due to slow responses from AD, as reported by the application team.
In this situation, to get a clear picture of the slowness of LDAP queries/responses from AD (from ADFS / SAML), what approach should I take? How can I troubleshoot or investigate whether it is happening on the AD side or because of an application issue?
I have enabled AD performance counters and audit events to check for efficient and inefficient queries made to AD from ADFS (SAML).
I found that AD is responding to LDAPS queries from ADFS, and the search time for all queries lies between 700 ms and 1100 ms.
We are getting the events below in the AD audit log:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 5/14/2024 11:25:27 AM
Event ID: 1644
Task Category: Field Engineering
Level: Information
Keywords: Classic
User: domain\svc_BatchjobUser
Computer: DC120
Description:
Internal event: A client issued a search operation with the following options.
Client:
10.102.12.170:33654
Starting node:
DC=fq,DC=fq
Filter:
(member<==>CN=svc_jnkns,OU=Funktions Konton,OU=Users,OU=PHA,DC=fq,DC=fq,DC=fq)
Search scope:
subtree
Attribute selection:
cn
Server controls:
Visited entries:
209369
Returned entries:
1
Used indexes:
DNT_index:94168:N;
Pages referenced:
1487926
Pages read from disk:
0
Pages preread from disk:
0
Clean pages modified:
0
Dirty pages modified:
0
Search time (ms):
1641
Attributes Preventing Optimization:
member
User:
CN=svc_BatchjobUser,OU=Service Accounts,OU=Special-accounts,DC=dc1,DC=fq,DC=fq
Can anyone please guide me on how I should proceed further to check the details?
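One concrete next step for the situation described above is to stop reading 1644 events one at a time and triage them in bulk: parse every event into a record, flag it against the thresholds 1644 logging uses, and group by client IP so queries from the ADFS farm can be separated from other LDAP clients hitting the same DC (the event shown in the post comes from 10.102.12.170 under svc_BatchjobUser with a filter on an unindexed attribute, which is a batch job, not an ADFS sign-in). The script below is an added example, not code from the original post. It works on the message text of 1644 events (pasted as in the post, or exported from a DC with Get-WinEvent and saved from the Message property; that export step is assumed and not shown), and the ADFS_SERVERS address list and the second sample event are constructed assumptions for illustration.

```python
"""Triage AD Directory Service event 1644 (expensive/inefficient LDAP searches)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Defaults AD applies to 1644 logging on 2012 R2 and later (NTDS\Parameters values
# "Expensive Search Results Threshold" = 10000, "Inefficient Search Results
# Threshold" = 1000): expensive = visits more than 10,000 entries; inefficient =
# visits more than 1,000 entries and returns fewer than 10% of them.
EXPENSIVE_VISITED = 10_000
INEFFICIENT_VISITED = 1_000
INEFFICIENT_RATIO = 0.10

# Assumed (hypothetical) list of ADFS server addresses; replace with your own.
ADFS_SERVERS = {"10.102.12.50"}


@dataclass
class LdapSearch:
    client_ip: str
    user: str
    filter: str
    visited: int
    returned: int
    search_ms: int
    disk_pages: int      # "Pages read from disk": 0 means served entirely from cache
    indexes: str         # "DNT_index" means a scan of the whole directory
    unoptimized: str     # "Attributes Preventing Optimization"

    @property
    def expensive(self) -> bool:
        return self.visited > EXPENSIVE_VISITED

    @property
    def inefficient(self) -> bool:
        return (self.visited > INEFFICIENT_VISITED
                and self.returned < INEFFICIENT_RATIO * self.visited)


def parse_1644(message: str) -> LdapSearch:
    """Parse the 'Field:' / value-on-next-line layout of a 1644 message."""
    fields, current = {}, None
    for raw in message.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Field headers end in ':'; the 'Internal event: ...' sentence is prose.
        if line.endswith(":") and not line.startswith("Internal event"):
            current = line[:-1]
            fields[current] = []
        elif current is not None:
            fields[current].append(line)
    f = {k: " ".join(v) for k, v in fields.items()}
    num = lambda k: int(re.sub(r"\D", "", f.get(k, "")) or 0)
    return LdapSearch(
        client_ip=f["Client"].rsplit(":", 1)[0],   # strip the source port
        user=f.get("User", ""), filter=f.get("Filter", ""),
        visited=num("Visited entries"), returned=num("Returned entries"),
        search_ms=num("Search time (ms)"), disk_pages=num("Pages read from disk"),
        indexes=f.get("Used indexes", ""),
        unoptimized=f.get("Attributes Preventing Optimization", ""))


def summarize_by_client(searches):
    """Per-client totals: count, total/max search time, flagged searches."""
    out = defaultdict(lambda: {"searches": 0, "total_ms": 0, "max_ms": 0,
                               "expensive": 0, "inefficient": 0, "unoptimized": set()})
    for s in searches:
        c = out[s.client_ip]
        c["searches"] += 1
        c["total_ms"] += s.search_ms
        c["max_ms"] = max(c["max_ms"], s.search_ms)
        c["expensive"] += s.expensive
        c["inefficient"] += s.inefficient
        if s.unoptimized:
            c["unoptimized"].add(s.unoptimized)
    return dict(out)


def triage(searches, adfs_ips):
    """Split searches into those from the ADFS farm and everything else. Slow or
    inefficient searches in the second group point at DC load caused by other
    clients rather than at the ADFS queries themselves."""
    adfs = [s for s in searches if s.client_ip in adfs_ips]
    return adfs, [s for s in searches if s.client_ip not in adfs_ips]


# Constructed sample 1: the event from the post, trimmed to the fields parsed here.
EVENT_BATCH = "\n".join([
    "Internal event: A client issued a search operation with the following options.",
    "Client:", "10.102.12.170:33654", "Starting node:", "DC=fq,DC=fq", "Filter:",
    "(member<==>CN=svc_jnkns,OU=Funktions Konton,OU=Users,OU=PHA,DC=fq,DC=fq,DC=fq)",
    "Search scope:", "subtree", "Attribute selection:", "cn", "Server controls:",
    "Visited entries:", "209369", "Returned entries:", "1", "Used indexes:",
    "DNT_index:94168:N;", "Pages read from disk:", "0", "Search time (ms):", "1641",
    "Attributes Preventing Optimization:", "member", "User:",
    "CN=svc_BatchjobUser,OU=Service Accounts,OU=Special-accounts,DC=dc1,DC=fq,DC=fq"])

# Constructed sample 2 (hypothetical): an indexed one-entry lookup of the kind a
# sign-in issues, still slow; all names and addresses here are invented.
EVENT_ADFS = "\n".join([
    "Internal event: A client issued a search operation with the following options.",
    "Client:", "10.102.12.50:49811", "Starting node:", "DC=fq,DC=fq", "Filter:",
    "(&(objectClass=user)(sAMAccountName=jdoe))", "Search scope:", "subtree",
    "Attribute selection:", "objectSid", "Server controls:", "Visited entries:", "1",
    "Returned entries:", "1", "Used indexes:", "idx_sAMAccountName:1:N;",
    "Pages read from disk:", "0", "Search time (ms):", "950",
    "Attributes Preventing Optimization:", "User:", "CN=svc_adfs,OU=Service Accounts,DC=fq,DC=fq"])

if __name__ == "__main__":
    searches = [parse_1644(m) for m in (EVENT_BATCH, EVENT_ADFS)]
    for s in sorted(searches, key=lambda x: -x.search_ms):
        tag = "INEFFICIENT" if s.inefficient else "ok"
        print(f"{s.search_ms:5d} ms {s.client_ip:15s} visited={s.visited:<7d} "
              f"returned={s.returned:<3d} {tag:11s} {s.filter[:45]}")
    for ip, c in summarize_by_client(searches).items():
        print(ip, c)
    adfs, other = triage(searches, ADFS_SERVERS)
    print(f"ADFS searches: {len(adfs)}, other clients: {len(other)}")
```

Two things to read off the output: a search flagged inefficient with `DNT_index` and an attribute under "Attributes Preventing Optimization" is a whole-directory scan caused by the client's filter, so the fix is on the client or the index, not on ADFS; a search that touches one entry via an index yet still takes close to a second, with zero pages read from disk, is not waiting on the database and points at CPU or LDAP queue contention on the DC, which the LDAP performance counters already enabled (for example "ATQ Request Latency" and "LDAP Searches/sec") will show.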