Hi,
This is with v7.1.2.
Here I have an Active Directory OU in a test domain which contains over 50,000 AD contacts external to the domain 1IM needs to manage. We don't need our sync project to touch any object in this OU at all.
ADUC can scan the container for all contacts in less than a second, and a filtered LDAP query in an LDAP browser will give me all contacts except these ones in under 0.14 seconds.
The best I've been able to manage in Synchronization Editor is, I got it down to ~21 seconds by applying scope filters in three ways:
- Scope filter based on the heirarchy of existing system objects (de-selecting the offending OU from the treeview)
- Object filter - NOT LIKE %OU=OUtoExclude,DC=company,DC=com
- Schema classes using the same filter
But even then, it shouldn't take the target system browser 150 times as long as ADUC or LDAP Browser to retrieve the exact same result using the exact same LDAP filter.
If I use the target system browser to find containers, users or organizational units outside the excluded OU, the result set is returned inside of 0.16 seconds even when the result sets have hundreds of objects from many different OUs. So it almost seems like the issue is specific to AD contacts.
If I set the container, contacts and organizationalUnits mappings to use the filtered schema classes, it takes 40 seconds for Target System Browser to find all contacts.
Any ideas why this might be happening?
And, why is this only happening with contacts? It doesn't happen with any other class of object, as far as I can tell.
