Optimizing the communication between Kerio Control and Active Directory

If you have a large or territory-distributed Active DirectoryA directory service for Windows domain networks., you can edit variables in the Kerio Control configuration files to speed up communication between Kerio Control and Active Directory.

Customizing the search suffix

You can define a specific search suffix for:

  • Geographically distributed Active Directory schemes
  • Active Directory with more than 10000 objects

This definition reduces:

  • Loading time and number of displayed domain controller users/groups in the Kerio Control Administration
  • Traffic between Kerio Control and hosts in the domain controller.

To customize the search suffix for searching in the LDAPLightweight Directory Access Protocol - A protocol that enables users to access centrally managed contacts. database:

  1. Log in to the operating system shell environment. For more information refer to Modifying parameters in Kerio Control configuration.
  2. Type /opt/kerio/winroute/tinydbclient "update Domains set CustomSearchSuffix='OU=Users,DC=example,DC=com' where Domain=example.com"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart

Optimizing timeouts

You can optimize two timeouts:

  • ConnectionTimeout determines for how long Kerio Control holds the connection open. The default value is 600 seconds. If Active Directory cuts the connection prematurely, you can decrease the number:
  1. Log in to the operating system shell environment. For more information refer to Modifying parameters in Kerio Control configuration.
  2. Type /opt/kerio/winroute/tinydbclient "update LdapAttributes set ConnectionTimeout=300 where Type=ADS"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart
  • OpTimeout determines how long Kerio Control waits for a response when sending packets to the Active Directory controller. The default value is 5 seconds. To optimize the timeout, increase the number:
  1. Log in to the operating system shell environment. For more information refer to Modifying parameters in Kerio Control configuration.
  2. Type /opt/kerio/winroute/tinydbclient "update LdapAttributes set OpTimeout=60 where Type=ADS"
  3. To apply the new configuration, type: /etc/boxinit.d/60winroute restart