Phone Lines icon GFI Support Home

Articles in this section

Optimizing the communication between Kerio Control and Active Directory

Author: Suman Sesham Updated

Overview:

If you have a large or territory-distributed Active Directory, you can edit variables in the Kerio Control configuration files to speed up communication between Kerio Control and Active Directory.

Customizing the search suffix

You can define a specific search suffix for:

  • Geographically distributed Active Directory schemes
  • Active Directory with more than 10000 objects

This definition reduces:

  • Loading time and number of displayed domain controller users/groups in the Kerio Control Administration
  • Traffic between Kerio Control and hosts in the domain controller.

To customize the search suffix for searching in the LDAP database:

  1. Log in to the operating system shell environment. For more information refer to Modifying Configuration Parameters in Kerio Control
  2. Type /opt/kerio/winroute/tinydbclient "update Domains set CustomSearchSuffix='OU=Users,DC=example,DC=com' where Domain=example.com"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart

Optimizing timeouts

You can optimize two timeouts:

  • ConnectionTimeout determines for how long Kerio Control holds the connection open. The default value is 600 seconds. If Active Directory cuts the connection prematurely, you can decrease the number:
  1. Log in to the operating system shell environment. For more information refer to Modifying parameters in Kerio Control configuration.
  2. Type /opt/kerio/winroute/tinydbclient "update LdapAttributes set ConnectionTimeout=300 where Type=ADS"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart
  • OpTimeout determines how long Kerio Control waits for a response when sending packets to the Active Directory controller. The default value is 5 seconds. To optimize the timeout, increase the number:
  1. Log in to the operating system shell environment. For more information refer to Modifying parameters in Kerio Control configuration.
  2. Type /opt/kerio/winroute/tinydbclient "update LdapAttributes set OpTimeout=60 where Type=ADS"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart

Related articles