Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

       How did you like this article? Please vote and let us know.          

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Shannal L. Thomas
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links

 

 
  Creating a Spam Quarantine with Exchange 2007

AD attribute and indexing settings
Page 1

AD attribute and indexing settings

 

This info is from a response to a question another MVP had on our Exchange MVP mailing list.  What triggered this thread was a question about support, or lack of, for hidden DL membership in Exchange 2007.  For more info on this read Dave's blog post on this topic.  So I didn't write the text below, just reposting here for everyone else to get the benefit of this knowledge

 

Thanks Dave Goldman for this info!  Dave's blog

 

You can improve search behavior by indexing the attributes that are most likely to be searched. The searchFlags attribute of an attributeSchema object indicates whether the attribute is indexed and the nature of the indexing. The searchFlags attribute is an integer value whose least significant bits indicate whether the attribute is indexed and in what way. Use the OR operator to combine the bit values to achieve the appropriate indexing behavior.

Values in the searchFlags attribute have the following effects:

  • 1 = Index over attribute only. Bit 0 must be set (0001). You can use the Active Directory Schema MMC snap-in to set this flag.
  • 2 = Index the attribute in each container (this value is used in conjunction with 1). Bit 0 and bit 1 must be set (0011). You can use Active Directory Schema to set this flag.
  • 4 = Add this attribute to the ANR set (this value is used in conjunction with 1). Bit 0 and bit 2 must be set (0101).
  • 8 = Preserve this attribute on logical deletion (that is, make this attribute available on tombstones). Bit 3 must be set (1000).
  • 16 = Copy the value for this attribute when the user object is copied. You can use this value to set up a user object template so that you can create multiple users by making copies of an original and providing values for only those attributes that are unique to each user. Bit 4 must be set (10000). For example, set this flag for attributes, such as company and department, that you want to copy, but do not set attributes that must be unique, such as objectSid and sAMAccountName.
  • 32 = Index this attribute for medial-string search (this value is used in conjunction with 1). Bit 5 and bit 0 must be set (100001). This indexing capability is provided on domain controllers running Windows Server 2003 when the schema has been updated for Windows Server 2003 functionality.

Attribute Indexing: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbg_dat_dstm.mspx

For efficient searches on common attributes, Active Directory supports indexing. Attributes can be indexed to decrease the time required to locate a record in a large database — that is, a certain attribute or combination of attributes can be used to uniquely identify a record.

By default, attributes that are searched often, such as surname , cn (common name), userPrincipalName , and so forth, are indexed. You can select other attributes for indexing by using the Active Directory Schema console. When you open the properties for an attribute object, you can see whether the attribute is already selected for indexing; if it is not, you can select it, which sets an index flag on the attribute. The value of this flag is replicated, and the indexing is performed by the DSA when the schema is refreshed. Likewise, if you reverse the selection, the change is made when the schema is refreshed.

 

Note - Indexing attributes can affect update rate and database size. Attributes should be indexed only when you are certain that they will be used often for searching.

02 - If this will produce any problems on AD.

It should not. Indexing consumes disk space and processor time, though, and an attribute must be unique to make the index worthwhile. Only the most commonly searched attributes are selected for indexing.

How to Index an Attribute in Active Directory: http://technet.microsoft.com/en-us/library/aa995762.aspx
Regarding indexing member and memberof (linked attributes): Linked Attributes, due to internal implementation details, cannot be indexed. You can set the flag, but it will not create an index. Linked attributes are implicitly linked - in Windows 2003 we added the necessary logic to use these implicit indexes.

 

For more information on the Exchange 2007 Indexes: http://msdn2.microsoft.com/en-us/library/bb799744(EXCHG.80).aspx and http://msdn2.microsoft.com/en-us/library/aa581540(EXCHG.80).aspx

Related info:

 

AD attribute and indexing settings
Page 1

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Pro Exchange. OutlookExchange.Com and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

© Copyright Pro Exchange, Inc., 2006