Granted, that the company I work for has been late to deploy LDAP, which they're still working on (btw). This forces us developers to continue using the good ol' WinNT:// service provider for Active Directory. It's really frustrating when simple tasks take longer than expected. A list of domains or a list of groups in a domain was very simple and easy to do in old ASP taking only minutes. To migrate this same information to .NET has taken a LOT longer than it should IMHO. Now that I believe I have the main problem narrowed down to security ( since this is an ASP.NET application). This was finally discovered after creating a test WinForm application. I certainly hope that LDAP has better performance and even if it does I would bet money that it's still not extremely fast. This is one area that I wish Microsoft would backend in SQL and create some API's or something where we can get a query of just 5,000 item back in seconds, instead of the minutes it currently takes using WinNT:. (This was retrieving the properties for each of the 5,000 items as well.) Well, just don't try to get a User's NT GROUPS using System.DirectoryServices, from what I've heard and found, you have to actually create a COM Interop wrapper for ActiveDirectory. And, then if you try to strongly name your assembly, you'll have to follow these steps as well: http://support.microsoft.com/default.aspx?scid=kb;en-us;313666