I apologize for leaving out crucial information. I am trying to enchance (less-than-optimal) .NET code, so this involves the use of DirectorySearcher and SearchResult classes in the System.DirectoryServices namespace. The current implementation takes the top-level group name and searches for it, then loops through the "member" collection returned (part of the SearchResult.Properties collection), determining which is a User and which is a Group. For those identified as Groups, they are put through their own level of Members search. For each User that is retrieved, yet another search is performed to get their logon name (appears the results of the Member collection shows only Full Name property of Users).
So in an example scenario, that can result in 200+ calls for individual User query, taking some 179 seconds. My immediate idea was to find a way to make a single chunky query rather than numerous small queries (similar to SQL query advice), so I wondered if there is an LDAP search pattern that can have itself recursively drill down all groups and return me the Logon names in one fell swoop. If that is not possible, then the next best thing would be to return all Users' Logon names in a Group rather than the Full name. Aaron List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/