Topic Last Modified: 2007-09-19

The Microsoft Exchange Analyzer tool includes a performance data collection engine that is used to query performance counter objects on computers that are running Exchange 2000 Server or Exchange Server 2003. The performance data collection engine collects data from the LDAP Read Time performance counter of the MSExchangeDSAccess Process performance object to analyze performance data.

The LDAP Read Time performance counter shows the time in milliseconds that it takes a Lightweight Directory Access Protocol (LDAP) read request to be fulfilled. The Exchange Analyzer retrieves a sample every 5 seconds for 5 minutes. The Exchange Analyzer then reports the maximum value for the performance counter during the collection interval. If the maximum value exceeds 100 milliseconds, the Exchange Analyzer displays an error.

High LDAP read latencies can be caused by high remote procedure call (RPC) latencies and by increasing queues. High LDAP read latencies generally indicate one of the following problems:

LDAP latencies are generally higher when users connect to domain controllers that are located in different physical sites. However, the recommended maximum latencies stated in this article should generally be followed.

Exchange servers will query out-of-domain global catalog servers every 15 minutes to keep an up-to-date list of global catalog servers and Domain Controllers. Because some of these directory servers may be remote, the latencies on these queries may be high. This is acceptable as long as the requests are infrequent, that is, the rate is less than 0.5 requests a second.

If the domain controller that has logged this error is located in a different physical site, you may be able to safely ignore this error if you can determine whether the domain controller that reports this error is not used by the Exchange server. One way to determine whether a domain controller is used by Exchange is to increase diagnostic logging for the Topology component of the MSExchangeDSAccess service to Minimum. If you do not see MSExchangeDSAccess event ID event 2080, you can safely ignore this error.

For mixed mode environments only, behavior was introduced around the Exchange 2000 SP2 timeframe for certain specific security related user attributes like tokenGroups and tokengroupsGlobalandUniversal, used to determine what security groups a user is a member of and therefore what permissions s/he has to secure resources such as public folders, that requires the Exchange server to query a domain controller that is authoritative for the user’s home domain. The authoritative domain controller may be in a remote site and queries from lots of remote homed domain users accessing local public folders could contribute to high RPC latencies.

For more information about this behavior, see the following Exchange Server blog topic "Exchange Does Not Always Use Local GCs" (

Links to blogs are provided to help you find the technical information you need. The content of each blog and its URL are subject to change without notice.

To resolve this error, do the following: