why does using the same c# code to change password in AD in different computer make different speed?

Question

I used the class in System.DirectoryServices to change password in AD. The code like this:

    DirectoryEntry _directoryEntry = new DirectoryEntry(ldapPath, user, pwd, AuthenticationTypes.Secure);
    public bool ChangePassword(string userPath, string newPassword)
    {
        try
        {
            if (userPath != null && _directoryEntry != null)
            {
                _directoryEntry.Path = userPath;
                //Set the password
                _directoryEntry.Invoke("SetPassword", new object[] { newPassword });
                _directoryEntry.CommitChanges();
                return true;
            }
        }
        catch (Exception ex)
        {
            //Invalid Login or the domain controller is not contactable
            throw ex;
        }
        finally
        {
            _directoryEntry.Close();
            _directoryEntry = null;
        }
        return false;
    }

I executed these codes on different computer. The time spent from several ms to several seconds.

why does the same code executed in different Environment to change password in AD spent different time? I have spent a lot of time in dealing this problem but still no result. Can anybody tell me? Thank you very much!!!!!

Answer 1

I had this issue. It is likely because on one computer you are querying the master domain controller directly, and on the other you are querying a read-only domain controller which then has to query the master domain controller. Why? No idea. I just know when I used Wireshark to listen on my AD query traffic, it was always going fast when it was talking to the master domain controller, and slow all the other times. So, I usually include the controller I want in the DirectoryEntry constructor (ie, LDAP://ip-of-controller/cn=whaerver,ou=2whafsal,dc=etc).

You can also open a command prompt and run echo %logonserver% to check which domain controller you computer will default to (I think).

Answer 2

You should really get a network trace and see what's going on. There's alot of moving parts here.

That aside, the way this code is laid out is a bit strange. Why are you creating the DirectoryEntry and then changing the Path property?

Answer 3

Well a simple ping report should help you rule out any network related issues. just ping your AD from your different test machines and observe the response time.

Answer 4

This sounds like it is a simple environment issue. Maybe the network is further away or just slower in general, or it could be that the processor is slower, or just about any number of environmental differences. I would compare some of the key hardware specs. You could also make sure that there are very minimal processes running on each machine to verify that it might not be a conflict from another process.