With a few code changes you can probably get your Group enumeration to go about 20x faster:
Finished enumeration for XXX.COM in 00:02:20.2612317
vs
Finished enumeration for XXX.COM in 00:00:05.3291053
Not sure about other queries - probably won't be as affected but will bring some additional speed gains.
At the moment you are recycling your LdapConnection for each query. Due to the way group membership is performed you are spinning up a new LdapConnection per group (in my domain that was only a small amount of groups, in large domains it can be tens of thousands+). Each LdapConnection has to do the whole Krb handshake on top of the LDAP connection so it takes forever.
I just assigned conn to a local variable in Utils, made sure GetLdapConnection returned this value if it wasn't null, and stripped the using blocks around conn (in 3 places afaik). I haven't submitted a pull request as it was dirty, but it's something I would recommend looking into.
Edit: I am running from non-domain joined /netonly command prompt - maybe if you are domain joined the Krb ticket is recycled? so the delay isn't quite as big. Unsure - haven't tested :)
Edit2: You probably want some exception/error checking if that LdapConnection gets destroyed at any point.
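A sketch of the cached-connection approach described in the comment above, including the error handling suggested in Edit2. This is an added example, not code from the comment's author or from the project: the class `LdapConnectionCache` and its members are hypothetical names, and it assumes the `System.DirectoryServices.Protocols` API with Negotiate authentication.

```csharp
using System;
using System.DirectoryServices.Protocols;

// Hypothetical helper (not the project's Utils class): one bound LdapConnection
// is shared by every query instead of creating and binding one per group.
public sealed class LdapConnectionCache : IDisposable
{
    private readonly string _domain;               // assumption: DNS name of the domain
    private readonly object _lock = new object();
    private LdapConnection _conn;

    public LdapConnectionCache(string domain) { _domain = domain; }

    // Returns the cached connection, creating and binding it only on first use.
    public LdapConnection Get()
    {
        lock (_lock)
        {
            if (_conn != null) return _conn;
            var id = new LdapDirectoryIdentifier(_domain);
            var conn = new LdapConnection(id) { AuthType = AuthType.Negotiate };
            conn.SessionOptions.ProtocolVersion = 3;
            conn.Bind();   // the expensive step: connect plus authentication handshake
            _conn = conn;
            return _conn;
        }
    }

    // Drops a dead connection so the next Get() builds a fresh one.
    private void Invalidate()
    {
        lock (_lock) { _conn?.Dispose(); _conn = null; }
    }

    // Sends on the shared connection; if it was closed or disposed,
    // rebuilds it and retries once. Server-side errors
    // (DirectoryOperationException) are not retried and propagate.
    public DirectoryResponse Send(DirectoryRequest request)
    {
        try { return Get().SendRequest(request); }
        catch (Exception e) when (e is LdapException || e is ObjectDisposedException)
        {
            Invalidate();
            return Get().SendRequest(request);
        }
    }

    public void Dispose() => Invalidate();
}
```

Callers must not wrap the returned connection in a `using` block, since disposing it would tear down the shared session; the cache owns its lifetime.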