Safeguard Authentication Services uses LDAP queries that fully comply with Microsoft's best practice recommendations for efficiency and performance. These queries are used to cache and update users and groups periodically. This caching process reduces the number of overall lookups by ensuring that data is available locally minimizing the volume of queries. Queries made to Active Directory to populate our cache are only initiated when essential for product functionality.
All existing SAS LDAP queries are fully optimized. Reviews conducted with the guidance and input of Microsoft have informed and directed the design of SAS queries.
One Identity continually reviews our techniques and processes to ensure Safeguard Authentication Services adopts the current industry standards.
For technical details please review the following Microsoft article:
LDAP considerations in ADDS performance tuning:
https://learn.microsoft.com/en-us/windows-server/administration/performance-tuning/role/active-directory-server/ldap-considerationsThe following Microsoft articles are an overview of change tracking and polling which SAS uses for initial cache loading and USN updates:
Overview of Change Tracking Techniques
https://learn.microsoft.com/en-us/windows/win32/ad/overview-of-change-tracking-techniquesPolling for Changes Using USNChanged
https://learn.microsoft.com/en-us/windows/win32/ad/polling-for-changes-using-usnchanged