if your AD connector is slow, it usually means you didn't go through the db optimization steps - in particular you don't have the name index enabled?
How many users are in your AD, and how many are "interesting" to EEPC?
Yes, indexing the db is on our top priority list for sure.
We are talking about 18,000 "interesting" users
18,000 out of how many?
and, did you turn the name index on? You said it was a priority, but indeed did you enable it?
I should mention that the AD connector has nothing to do with password sync - I wish it could, but since AD does not know what your password is, the info simply is not there. The connector just handles the location of users in the groups, info sync like logon hours etc, password expiry and enabled/disabled status.
How long is "long"? Can you describe that in numbers? How many user objects do you have in EE database or synchronized portion of AD?
There is no "incremental" connector synch; it is a multipass approach. At first, all database user objects are scanned and matched against AD, then new AD objects are processed.
In your database root folder (\SBDATA) there should be DBCFG.INI file with this clause:
This must be set to "Yes" for the name index/caching to be used by programs running for this directory.
The indexing is not enabled in the production. I just checked the article KB60490. Let me do that and test the performance.
You'll find it will make a huge difference, especially with a db that size.
In this case you may find the whole performance and best practices article interesting: