This article is the second (and also the last part) of Windows 2008 AD LDS Load Testing using ADTEST.

This document consists of 2 part, part 1 and part 2, and structured into the following steps:

  • Plan the test (how many users, directory structures, LDAP operations test)
  • Install and configure AD LDS
  • Install and configure ADTest
  • Create test source file
  • Build directory structures
  • Create users and groups (include populating users to group)
  • LDAP operations test

For the first part already discussed the first four bullet points, and it is at http://social.technet.microsoft.com/wiki/contents/articles/windows-2008-ad-lds-load-testing-using-adtest-part-1.aspx 
 
Build AD LDS structures

Before the test can be run, the following objects need to be created at AD LDS:

  • Organizational units
  • User accounts with attributes populated
  • Group accounts with member populated

Organizational Units

We need to create the following base OU structures manually:



It has to be exact name for OU=Groups,OU=BaseOU,DC=fabrikam,DC=corp.

This structure as defined in the test file.



Note that the …,OU=BaseOU,[Domain] is referred by other definitions as well.

This [Domain] value will be passed as part of the command line parameter.

When the base structure is ready, we can run the following command:



Which called the NewRoot section of test file



The result:



The t (or threads) parameter 2 creates the following 2 OU structures:



So if you pass t = 5 then the following OUs will be created:

OU=ou00_team,OU=ou00_unit,OU=ou00_division…

OU=ou01_team,OU=ou01_unit,OU=ou01_division…

OU=ou00_team,OU=ou02_unit,OU=ou00_division…

OU=ou00_team,OU=ou03_unit,OU=ou00_division…

OU=ou00_team,OU=ou04_unit,OU=ou00_division…

 

Create users

When the base OU structures are created, now we are ready for the next step, to create the user accounts, group accounts and populate user to be a member of group.

User accounts with Attributes

To create the user accounts run the following commands:



The command calls AddUser test section in the test file. The create user ADTest command added with the –e (encrypt) option, since create user requires encrypted LDAP operation, without the –e option the following error (with –d 5 option added at the command line for debugging) will be returned:



Windows Error Code 8237 means 'ERROR_DS_CONFIDENTIALITY_REQUIRED'



With root = 0, it means that it will start to create user account from OU=ou00_team,OU=ou00_unit,OU=ou00_division…

And t = 2 directs the ADTest to run 2 threads so it will create user accounts in the following OUs:

 

OU=ou00_team,OU=ou00_unit,OU=ou00_division… until

 

 

OU=ou01_team,OU=ou01_unit,OU=ou01_division…

The number of user created will be threads (2) times $DefaultRange (from 0 to 2000, 2001 user accounts for each OU x 2 threads = 4002 user accounts), 4002 user accounts are created.






Group accounts with member

For group account, we need to create the group account first:




 
Note that the t=1, if you would like to create more group you can increase the t value.

And then we populate the group membership:



The command above use the following AddMembers test:



With the $GroupRange defined as 0-50 which means user objects CN=u0x_000000 to CN=u0x_000050.

x will be determined by root and t values, if the root=0 and t=2 then user objects:

CN= CN=u00_000000 to CN=u00_000050

CN= CN=u01_000000 to CN=u01_000050

Will be added to GrpAcc_000000 group object as we set parameter GROUP=0, we add users to another group using

By using multiple workstations, you can add user objects (e.g 2000 users) to different group by using different GROUP value.

LDAP operations test

After all the objects are populated in the AD LDS, the LDAP operations test can be performed. Performance monitor can be used to monitor, refer to the ADTest documentation on the details.

The following is the sample commands for testing:

Simple bind

adtest -adam -server adfs1 -port 50000 -f adlds.ats -domain dc=fabrikam,dc=corp -run simple_bind -t 5 -user administrator -<type ldsadmin password here> -root 0 -t 2 -sf

Fastbind

adtest -adam -server adfs1 -port 50000 -f adlds.ats -domain dc=fabrikam,dc=corp -r fast_bind -user ldsadmin -password <type ldsadmin password here>  -root 0 -t 2 -sf

Update Attribute

adtest -adam -server adfs1 -port 50000 -f adlds.ats -domain dc=fabrikam,dc=corp -r Update_1Attr -user ldsadmin -password <type ldsadmin password here> -root 0 -t 2 -sf

Search attribute

adtest -adam -server adfs1 -port 50000 -f adlds.ats -domain dc=fabrikam,dc=corp -r Search_Base_10Attr -user ldsadmin -password <type ldsadmin password here> -root 0 -t 2 -sf

That's all and happy testing!