Working with Exchange, you often come across settings that are good for one technology but can have a negative impact on Exchange – or vice versa. I bring this topic up because I was talking to a Microsoft Platforms PFE friend of mine that recommended enabling Virtual List View (VLV) to his customer to improve Active Directory performance. After discussing with him about some of the downfalls with VLV and Exchange, I wanted to write a blog that covers some of the advantages and disadvantages of VLV.
To start, I’ve found that not many admins are familiar with VLV so let’s start with some info about VLV and what it does.
Description from http://technet.microsoft.com/en-us/library/cc540446.aspx
A virtual list is a GUI technique that is employed when ordered lists containing a large number of entries need to be displayed. When the LDAP protocol is extended to use VLV, a window that contains a small number of visible list entries is drawn. The visible portion of the list can be relocated to different points in the list by means of scrolling, slider bars, and cursor keys as well as PAGE UP and PAGE DOWN keys. The user experience is that the full list can be browsed at will, even though it might contain millions of entries. In fact, the complete list contents are never required at any one time. Rather than retrieve the complete list from wherever it is stored (typically, from disk or a remote server), the server retrieves only the information that is required to display the part of the list that is currently in view on the client.
When you have indexed appropriate attributes to use VLV, you can use Ldp (or other VLV-enabled applications) to retrieve large lists from Active Directory without requiring the server to return the entire contents of the results set (improving response speed) and without requiring the search client to store the results set in memory (improving the speed at which results are listed).
From a Microsoft Platform Engineer
“With default settings, VLV is an expensive operation on DCs. Additionally, in some cases it will fail due to the size of the data set being larger than the temp table we put it in to sort. Again, assuming default settings (no additional indexing).
Some customers opt to enable more indexing in an effort to make VLV fast, efficient, and reliable.
Others choose to just disable it.
Since well behaved clients can handle disabling it gracefully they look at the capabilities we advertise off of RootDSE and just ‘notice’ that VLV isn’t there, so they don’t use it. Many customers have opted to just not use it. It’s a choice that we can’t make for them, we only give them the tools and let them decide what is best for their enterprise.”
More information about VLV
This document describes a Virtual List View extension for the Lightweight Directory Access Protocol (LDAP) Search operation. This extension is designed to allow the “virtual list box” feature, common in existing commercial e-mail address book applications, to be supported efficiently by LDAP servers. LDAP servers’ inability to support this client feature is a significant impediment to LDAP replacing proprietary protocols in commercial e-mail systems. The extension allows a client to specify that the server return, for a given LDAP search with associated sort keys, a contiguous subset of the search result set. This subset is specified in terms of offsets into the ordered list, or in terms of a greater than or equal.
Background of VLV and Outlook 2003/2007
By default, Office Outlook 2007 directory browsing or Virtual List View (VLV) searches for LDAP are disabled, and users can enable the feature.
In Outlook 2003, directory browsing was enabled by default. However, users must work with small LDAP directories when using directory browsing. A new registry key was provided with Outlook 2003 Service Pack 2 to allow VLV searches to be disabled. Office Outlook 2007 uses the same registry keys to regulate this feature. If your environment uses small LDAP directories and requires directory browsing, you can enable the feature by configuring the option in the Office Customization Tool or by setting the registry key (to make it a default option), or by using Group Policy (to enable and lock down the setting).
You can prevent users from using directory browsing by configuring a setting in Group Policy.
Support statement from Microsoft on VLV in Exchange 2010
http://technet.microsoft.com/en-us/library/dd638130.aspx
Exchange 2010 now creates system address lists in a new container. Recipients created or modified using Exchange 2003 or Exchange 2007 management tools won’t be stamped with these system address lists. As a result, they won’t be seen by the Get-Recipient cmdlet.
To fix this issue, you must enable Active Directory virtual list view (VLV). After you have completed the upgrade of an existing Exchange 2003 organization to Exchange 2010 and have decommissioned your Exchange 2003 servers, you must enable Active Directory VLV. To enable VLV for Exchange 2010, run the Enable-AddressListPaging cmdlet.
How to change VLV
1. Click Start, click Run, type Adsiedit.msc, and then press ENTER.
2. In the ADSI Edit tool, expand the Configuration[DomainController] node.
3. Expand the CN=Configuration,DC=DomainName container.
4. Expand the CN=Services object.
5. Expand the CN=Windows NT object.
6. Right-click the CN=Directory Service object. Click Properties.
7. In the Attributes list, click msds-Other-Settings. Click Edit.
8. In the Values list, click any instance of DisableVLVSupport=x where x is not equal to 0, and click Remove.
9. Click OK twice. Close the ADSI Edit tool
VLV Outlook Setting
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry if you use Outlook 2007:
3. HKEY_CURRENT_USERSoftwareMicrosoftOffice12.0Outlook
4. Locate and then click the following key in the registry if you use Outlook 2003:
5. HKEY_CURRENT_USERSoftwareMicrosoftOffice11.0Outlook
6. On the Edit menu, point to New, and then click Key.
7. Type LDAP, and then press ENTER.
8. Click LDAP. On the Edit menu, point to New, and then click DWORD Value.
9. Type DisableVLVBrowsing, and then press ENTER.
10. On the Edit menu, click Modify.
11. Type 1, and then click OK.
or
User ConfigurationAdministrative TemplatesMicrosoft Office Outlook 2007 Miscellaneous, double-click Turn on VLV Browsing on LDAP servers.
Summary
As you can tell from the articles and information above, VLV sounds like a good idea to turn off if you are an AD admin. The pitfall of turning off VLV support is that all Outlook Web Access paged searches against a domain controller will fail. This may cause performance degradation for Exchange 2007; breaking OWA functionality and causing users not to be able to browse or search the GAL.
Sorry AD folks, VLV might not be the best process for your AD infrastructure but it is needed for Exchange. And we all know that Exchange wins all battles. 🙂
Part II
In part II of this post, I will provide examples of error messages which will be returned from ExBPA and OWA when VLV is disabled.