I am asking experts with experience with AD CS databases with 100.000s or millions of certificates to confirm or correct my "theories".
I am aware of these two articles that state performance is not an issue for millions of certificates:
Windows CA Performance Numbers and Evaluating CA Capacity, Performance, and Scalability
However, here performance is mainly evaluated in terms of database size and request / certificate throughput. I am more interested in the performance of queries, as I have seen that it might take minutes to build up views for databases with 100.000s of certificates - no matter if you use certutil -view, certsrv.msc, or access to CCertView.
Could this just be due to an "unfortunate" combination of non-indexed fields? Any advice on which queries to avoid?
Or is the solution just as simple as to throw more memory or CPU or both at the problem?
In case it hinges on an unfortunate choice of fields and you absolutely have to do this query, my guess is that you have to use a custom policy(*) module (FIM or third-party) to dump certificates to a SQL database and do your queries there.
Am I right or did I miss something? Any input is highly appreciated!
Elke
PS / edit: That should have been 'Exit module' - I don't know why I wrote Policy Module. Thanks to Vadims for pointing it out.