We have a large LDAP directory that we're currently returning all users from. We iterate through the list of users and compare it to what we've saved locally to find those that either no longer exist or that are new, then create/delete them locally.
The problem is that this operation takes HOURS to complete.
I think the solution to this would be to define a more specific search query to Directory Services and only return those users that have been modified in the last 24 hours (or whenever it last ran). Unfortunately I'm having difficulty finding which property to use in order to make the search query more specific.
I've looked at this list of available properties, but all I can see that might work is 'ms-DFS-Last-Modified-v2'; however, I'm not sure how to use it.
Any other ideas?
The code we're using to search currently is below:
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "MYDOMAIN", "dc=MYDOMAIN,dc=co,dc=za");
// query-by-example principal: the wildcard name matches every user
UserPrincipal theuser = new UserPrincipal(domainContext);
theuser.Name = "*";
// create a principal searcher for running a search operation
PrincipalSearcher pS = new PrincipalSearcher(theuser);
// assign the query filter property for the principal object
pS.QueryFilter = theuser;
// run the query
PrincipalSearchResult<Principal> theresults = pS.FindAll();
retUsers = new List<ActiveDirectoryUser>();
// keep only users that have an e-mail address
List<UserPrincipal> copyUsers = theresults.OfType<UserPrincipal>().Where(userresult => userresult.EmailAddress != null).ToList();
foreach (UserPrincipal result in copyUsers)
{
    // ... process users.
}
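An added example, not part of the original post or the poster's code: one way to return only recently changed users is to filter on the standard Active Directory `whenChanged` attribute with `DirectorySearcher`. The choice of `whenChanged`, the class and method names, and the `LDAP://` path built from the post's base DN are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Globalization;

static class ChangedUserQuery   // hypothetical helper, not from the post
{
    // whenChanged uses GeneralizedTime syntax in UTC: yyyyMMddHHmmss.0Z
    public static string BuildFilter(DateTime lastRunUtc)
    {
        string stamp = lastRunUtc.ToUniversalTime()
            .ToString("yyyyMMddHHmmss'.0Z'", CultureInfo.InvariantCulture);
        // mail=* mirrors the post's "EmailAddress != null" check, done server-side
        return "(&(objectCategory=person)(objectClass=user)(mail=*)"
             + "(whenChanged>=" + stamp + "))";
    }

    // ldapPath example (assumed): "LDAP://dc=MYDOMAIN,dc=co,dc=za"
    public static List<string> FindChangedUsers(string ldapPath, DateTime lastRunUtc)
    {
        var changed = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, BuildFilter(lastRunUtc)))
        {
            searcher.PageSize = 1000;                  // page results instead of hitting the size limit
            searcher.PropertiesToLoad.Add("sAMAccountName");
            searcher.PropertiesToLoad.Add("mail");
            searcher.PropertiesToLoad.Add("whenChanged");
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    // skip entries where the attribute was not returned
                    if (r.Properties["sAMAccountName"].Count > 0)
                        changed.Add((string)r.Properties["sAMAccountName"][0]);
                }
            }
        }
        return changed;
    }
}
```

`whenChanged` is stamped per domain controller and is not replicated, so run the query against the same DC each time or overlap the time window. Deleted users no longer match this filter, so detecting removals still needs a separate check.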