Active directory performance testing tool (adtest.exe)

summary: 1) raise functional level of AD server to Windows server 2003; 2) import adsiedit.dll, and run adsiedit.msc; 3) set dSHeuristics bit; 4) update registry table; 5) create ADTest and its password, and set it as member of administrator; 6) Create BaseOU; 7) run NewRoot&AddUser tests to setup the test environment


step 1: Setup Test Servers

OS
windows server 2003 with SP1, enterprise edition. 32-bit platform.

server configuration
After you install the OS on server, perform the following steps to configure the server for the performance tests. The server is configured as domain controller of forest. The domain functional level must be raised and a dSHeuristics bit set so that Active Directory will treat the userPassword attribute as a password and not just a string attribute. Furthermore, to avoid errors that may be caused by the server and client running out of connections, some registry entries must be changed.

First, install AD on server to make the server a domain controller.

Next, raise the functional level of each domain to Windows Server 2003.

Next, set dSHeuristics bit so that the userPassword attribute is treated like a password and not a string attribute. This operation will succeed only if the domain functional level is Windows Server 2003. Set the 9th bit to 1 (e.g., change the value to 000000001, shown in figure)





Next, set registry entries to allow more connections to the server using windows interface or by command line


(by Windows interface)
1. Click Start, click Run, type regedit, and then click OK.
2. Navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Right-click the details pane, point to New, and then click DWORD value.
4. Type MaxUserPort as the name for the new value, and then press ENTER.
5. Right-click MaxUserPort, and then click Modify.
6. In Value Data, type fffe.
7. Ensure that Base is Hexadecimal, and then click OK.
8. Right-click the details pane again, point to New, and then click DWORD value.
9. Type TcpWindowSize as the name for the new value, and then press ENTER.
10. Right-click TcpWindowSize, and then click Modify.
11. In Value Data, type ffff.
12. Ensure that Base is Hexadecimal, and then click OK.



Step 2: Create ADTest User

An ADTest user must be created. This account is used by ADTest to create users, OUs, and groups in the directory and to perform the tests. Create an ADTest user account for each Active Directory forest, and then assign a password to the user account (e.g. ss-123456 for this test). Then add the ADTest user account to the Administrators group on the server.

Step 3: Setup Test Client Computers

You also need to set the MaxUserPort and TcpWindowSize registry keys. These keys allow the clients to have more connections to the server. You can set these keys by using the Windows interface or by using a command line.


(by using a command line)
1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER:
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v MaxUserPort /t REG_DWORD /d 0xfffe
3. Type the following command, and then press ENTER:
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v TcpWindowSize /t REG_DWORD /d 0xffff


Join the client computer(s) to the test domains.

Step 4: Setup the Test Environment

Before you setup the test environment, ensure that the previous procedures have been completed. In particular, an ADTest user account with password "ss-123456" must be created and added to the Administrators group on the server.

The section explains how to use the ADTest scripts to setup the OU structure and add all the users programmatically.

On the server, create and OU named BaseOU directly under the domain node. The ADTest commands will subsequently create the appropriate OU substructure below the BaseOU for each test that is performed. All user accounts are then created the OU substructure to facilitate the subtree searches. If a subtree search is performed directly below the domain node, the results are slower as the clients receive referrals.

To create the OU substructure and user accounts for the domain, open a command line and change folders to the folder that contains adtest.exe. Type the following command to create the OU substructure:

adtest -r NewRoot -f myTest.ats -user ADTest -password ss-123456 -root 0 -t %3 -sf -e -d 5


where %3 is the number of OUs desired. To test 3M users, 10 OUs are created.

To create the user accounts, type the following command:

adtest -r AddUser -f myTest.ats -user ADTest -password ss-123456 -root 0 -t %3 -sf -e -d 5

where %3 is the number of users. You can change the default number of users in .ats file (the default is 3M, check #define $DefaultRange #(0-2999999))