I am using Active Directory as a identity and group repository for my web application. I connect to it remotely through the LDAP SSL interface and perform operations such as creating users (who has memberships to one or more groups), creating groups and authenticating users.
I could potentially have tens of thousands of small groups (maybe 50,000) for, say 100,000 user, in a flat structure. I am wondering if this is going to be a performance issue when calling Active Directory through LDAP. Active directory enforces uniqueness on username and group names. Should I be concerned that operations like creating and updating user might become too slow as the number of groups grows?
