|
|
|
date: Thu, 8 Sep 2005 14:46:47 +1000,
group: microsoft.public.exchange2000.applications
back
Re: What query(s) should I use to get the same list as the GAL
While that mechanism would work to show objects that should be in the GAL, I see
two issues with it.
1. It is who should be in it, not what is actually in it. More on that below.
2. Those queries are horrendous and horribly slow and inefficient compared to
what it could be.
The purportedSearch query is NEVER used against Active Directory as an LDAP
query by the RUS to produce the ALs. The only time the filter is used as an
actual LDAP filter against AD is when you click on the preview button in the ESM.
The query is actually processed against every object the RUS looks at via logic
internal to the RUS. This means that it is possible, and I have encountered it
in real life, where AD would return a different set of matching values than the
RUS does. Most people never figure out that the GAL or any other AL doesn't
match with the true listing because they never do a comprehensive scan of what
is in the GAL listing versus what should be in the listing.
The people that figure it out are the ones that make a custom filter and hit
some issue with how the RUS handles the comparisons[1] and the list gets
populated with nearly nothing. Some people will wait and wait thinking it is a
timing or replication thing, finally after a week they realize it isn't going to
happen and play with it until it seems to work right. Alternatively, people
figure it out if someone important is noticed missing and someone has to dig
into it.
Anyway, the purportedSearch is used by the RUS to stamp the mail objects with
values in their showInAddressBook attribute. The simplest thing to do to get the
GAL list, is to use that attribute which the RUS has already populated. The AL
DNs for any ALs the object is a member of is listed in the multi-value
attribute. For instance, a normal user in my test lab Exchange environment has
these values set:
>showInAddressBook: CN=Default Global Address List,CN=All Global Address
Lists,CN=Address Lists Container,CN=joeware,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=joe,DC=com
>showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
Container,CN=joeware,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=joe,DC=com
This means the user is in the default GAL and the all users AL.
So looking at the queries, you have the option of using this Default GAL query
(& (mailnickname=*) (|
(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)
))
which breaks down to this easier to read filter
(&
(mailNickname=*)
(|
(&
(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
(objectClass=user)
(!
(homeMDB=*)
)
(!
(msExchHomeServerName=*)
)
)
(&
(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
(objectClass=user)
(|
(homeMDB=*)
(msExchHomeServerName=*)
)
)
(&
(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
(objectClass=contact)
)
(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com)
(objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,DC=com)
(objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configuration,DC=joe,DC=com)
)
)
or you can use this much better query
&(mailnickname=*)(showinaddressbook=CN=Default Global Address List,CN=All Global
Address Lists,CN=Address Lists Cont
ainer,CN=joeware,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joe,DC=com)
Which breaks down to be
(&
(mailNickname=*)
(showInAddressBook=CN=Default Global Address List,CN=All Global Address
Lists,CN=Address Lists Container,CN=joeware,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=joe,DC=com)
)
The statistics from the DC tell the whole tale here.
Using the query I propose you get something like this:
Elapsed Time: 10 (ms)
Returned 5059 entries of 5086 visited - (99.47%)
Index Name : idx_mailNickname
Record Count: 4416 (estimate)
Index Type : Normal Attribute Index
Using the purportedSearch query you get something like this:
Elapsed Time: 220 (ms)
Returned 5082 entries of 5086 visited - (99.92%)
Used Indices:
idx_mailNickname:4416:N
Index Name : idx_mailNickname
Record Count: 4416 (estimate)
Index Type : Normal Attribute Index
Note that even here, you can see that there is a delta in the query above and
what the RUS actually stamped....
The main thing to notice though is the elapsed time differences. The
purportedSearch filter was 22 times slower. Running each query multiple times
resulted in the purportedSearch speeding up to about 200ms at best due to
caching. The other query stayed at 10ms.
joe
[1] One good example is using the NOT (!) operator which I have seen push the
RUS off the deep end when building ALs if you do it like (!attr=val) instead of
(!(attrib=val)).
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Henning Krause [MVP - Exchange] wrote:
> Hello,
>
> I have an article on my website covering your problem:
> http://www.infinitec.de/exchange/howtos/getgal.aspx
>
> Btw, you should not crosspost in so many newsgroups...
>
> Greetings,
> Henning Krause
> MVP - Exchange
> http://www.infinitec.de
>
>
> "Bob" wrote in message
> news:uZ2u3BDtFHA.596@TK2MSFTNGP12.phx.gbl...
>
>>I am writing a web application where users can generate email. I want to
>>provide a mechanism where the users can select the destination email
>>address (much like the functionality provided with the TO: button in
>>Outlook).
>>I currently only retrieve all the users with a mailbox, but I get a couple
>>of extra accounts like the System Mailbox.
>>
>>What else is in the Global Address List? Distribution Groups? Security
>>Groups that have a mail address? Contacts?
>>
>>Does anyone have a set of queries that I can use to re-construct the GAL
>>in my application
>>
>>TIA
>>
>>Bob
>>
>
>
>
date: Thu, 08 Sep 2005 17:52:58 -0400
author: Joe Richards [MVP]
Re: What query(s) should I use to get the same list as the GAL
Thanks Joe, this is an interesting take on things
"Joe Richards [MVP]" wrote in message
news:uDKqu%23LtFHA.3040@TK2MSFTNGP14.phx.gbl...
> While that mechanism would work to show objects that should be in the GAL,
> I see two issues with it.
>
> 1. It is who should be in it, not what is actually in it. More on that
> below.
> 2. Those queries are horrendous and horribly slow and inefficient compared
> to what it could be.
>
>
> The purportedSearch query is NEVER used against Active Directory as an
> LDAP query by the RUS to produce the ALs. The only time the filter is used
> as an actual LDAP filter against AD is when you click on the preview
> button in the ESM.
>
> The query is actually processed against every object the RUS looks at via
> logic internal to the RUS. This means that it is possible, and I have
> encountered it in real life, where AD would return a different set of
> matching values than the RUS does. Most people never figure out that the
> GAL or any other AL doesn't match with the true listing because they never
> do a comprehensive scan of what is in the GAL listing versus what should
> be in the listing.
>
> The people that figure it out are the ones that make a custom filter and
> hit some issue with how the RUS handles the comparisons[1] and the list
> gets populated with nearly nothing. Some people will wait and wait
> thinking it is a timing or replication thing, finally after a week they
> realize it isn't going to happen and play with it until it seems to work
> right. Alternatively, people figure it out if someone important is noticed
> missing and someone has to dig into it.
>
> Anyway, the purportedSearch is used by the RUS to stamp the mail objects
> with values in their showInAddressBook attribute. The simplest thing to do
> to get the GAL list, is to use that attribute which the RUS has already
> populated. The AL DNs for any ALs the object is a member of is listed in
> the multi-value attribute. For instance, a normal user in my test lab
> Exchange environment has these values set:
>
> >showInAddressBook: CN=Default Global Address List,CN=All Global Address
> Lists,CN=Address Lists Container,CN=joeware,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=joe,DC=com
>
> >showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists
> Container,CN=joeware,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=joe,DC=com
>
> This means the user is in the default GAL and the all users AL.
>
>
> So looking at the queries, you have the option of using this Default GAL
> query
>
> (& (mailnickname=*) (|
> (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)
> ))
>
> which breaks down to this easier to read filter
>
>
> (&
> (mailNickname=*)
> (|
> (&
> (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
> (objectClass=user)
> (!
> (homeMDB=*)
> )
> (!
> (msExchHomeServerName=*)
> )
> )
> (&
> (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
> (objectClass=user)
> (|
> (homeMDB=*)
> (msExchHomeServerName=*)
> )
> )
> (&
> (objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=joe,DC=com)
> (objectClass=contact)
> )
> (objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=joe,DC=com)
>
> (objectCategory=CN=ms-Exch-Public-Folder,CN=Schema,CN=Configuration,DC=joe,DC=com)
>
> (objectCategory=CN=ms-Exch-Dynamic-Distribution-List,CN=Schema,CN=Configuration,DC=joe,DC=com)
> )
> )
>
>
> or you can use this much better query
>
> &(mailnickname=*)(showinaddressbook=CN=Default Global Address List,CN=All
> Global Address Lists,CN=Address Lists Cont
> ainer,CN=joeware,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=joe,DC=com)
>
>
> Which breaks down to be
>
>
> (&
> (mailNickname=*)
> (showInAddressBook=CN=Default Global Address List,CN=All Global Address
> Lists,CN=Address Lists Container,CN=joeware,CN=Microsoft
> Exchange,CN=Services,CN=Configuration,DC=joe,DC=com)
> )
>
>
> The statistics from the DC tell the whole tale here.
>
> Using the query I propose you get something like this:
>
> Elapsed Time: 10 (ms)
> Returned 5059 entries of 5086 visited - (99.47%)
>
> Index Name : idx_mailNickname
> Record Count: 4416 (estimate)
> Index Type : Normal Attribute Index
>
>
> Using the purportedSearch query you get something like this:
>
> Elapsed Time: 220 (ms)
> Returned 5082 entries of 5086 visited - (99.92%)
> Used Indices:
> idx_mailNickname:4416:N
>
> Index Name : idx_mailNickname
> Record Count: 4416 (estimate)
> Index Type : Normal Attribute Index
>
>
>
>
> Note that even here, you can see that there is a delta in the query above
> and what the RUS actually stamped....
>
> The main thing to notice though is the elapsed time differences. The
> purportedSearch filter was 22 times slower. Running each query multiple
> times resulted in the purportedSearch speeding up to about 200ms at best
> due to caching. The other query stayed at 10ms.
>
>
>
> joe
>
>
>
> [1] One good example is using the NOT (!) operator which I have seen push
> the RUS off the deep end when building ALs if you do it like (!attr=val)
> instead of (!(attrib=val)).
>
>
>
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Henning Krause [MVP - Exchange] wrote:
>> Hello,
>>
>> I have an article on my website covering your problem:
>> http://www.infinitec.de/exchange/howtos/getgal.aspx
>>
>> Btw, you should not crosspost in so many newsgroups...
>>
>> Greetings,
>> Henning Krause
>> MVP - Exchange
>> http://www.infinitec.de
>>
>>
>> "Bob" wrote in message
>> news:uZ2u3BDtFHA.596@TK2MSFTNGP12.phx.gbl...
>>
>>>I am writing a web application where users can generate email. I want to
>>>provide a mechanism where the users can select the destination email
>>>address (much like the functionality provided with the TO: button in
>>>Outlook).
>>>I currently only retrieve all the users with a mailbox, but I get a
>>>couple of extra accounts like the System Mailbox.
>>>
>>>What else is in the Global Address List? Distribution Groups? Security
>>>Groups that have a mail address? Contacts?
>>>
>>>Does anyone have a set of queries that I can use to re-construct the GAL
>>>in my application
>>>
>>>TIA
>>>
>>>Bob
>>>
>>
>>
date: Fri, 9 Sep 2005 08:05:01 +1000
author: Bob
|
|
