Writing LDAP queries can prove quite difficult because of its odd search filter syntax and the (mostly) non-relational nature of the LDAP data store. Even once you get your query in place, performance issues can plague your query if you don’t set it up correctly. Efficient queries with LDAP search filters are important for performance considerations.
The articles below should help you create efficient LDAP queries. One key is to make sure attributes you search on often are indexed in Active Directory. You can also save a lot of cycles by sorting on the client and searching by objectCategory instead of objectClass.
- Creating Efficient Filters and Other Tips: http://msdn.microsoft.com/en-us/library/windows/desktop/ms808539.aspx#efficientadapps_topic01e
Nested Filter Tips for Efficient Queries with LDAP Search Filters
Avoid deeply nested complex filters when you can. When you must use complex filters, place the most specific filters first to narrow the list of candidate entries the directory must check. For best results, use not, !, only with and, &, for example (&(cn=Barbara)(!(sn=Jensen))). When you use not with or in a filter, the directory must construct a candidate list of everything except what your filter specifies.