I have been testing the Splunk App for Windows Infrastructure. Awesome.
My one disappointment in the app is it's performance in very large Active Directory environments. Specifically, performance of queries about User, Group or Computer state sourced from SA-ldapsearch. LDAPsearch reports are unusably slow taking minutes to render. An equivalent search using the Microsoft-based interfaces to AD (dsa.msc) takes less than a second to render identical results.
Are there any performance tuning options or development activities for SA-LDAPSearch?