We are trying to synchronize user accounts in a service with those accounts in an Active Directory.
The candidate technology is now .NET, DirectorySearcher, and "Polling for Changes Using USNChanged" (https://msdn.microsoft.com/en-us/library/ms677627.aspx).
I need to know about modifications involving both users and selected groups. Efficiently tracking all operations (new objects, deletion, rename, move, etc.) seems feasible, except for group membership changes.
The problem: when a user's membership changes, the user's object is not modified (uSNChanged is not modified); instead, the group object's uSNChanged is incremented. All we know is that there was a change in the group. To find out which user's membership really changed, I must download and enumerate the entire member set (which can be several thousand in our case).
Is there a way to retrieve only the changed members?
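
The full-enumeration workaround described in the question, as an added C# example that is not part of the original post: it keeps the previous member set per group and diffs it against the freshly read one whenever the group's uSNChanged advances. The class name, DNs and USN values are constructed for illustration, and the member lists stand in for what a DirectorySearcher read of the group's member attribute would return.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper: turns a "group changed" signal (higher uSNChanged)
// into per-user add/remove deltas by diffing against the last snapshot.
class GroupMembershipTracker
{
    // DNs are compared case-insensitively, so the snapshots are too.
    private readonly Dictionary<string, HashSet<string>> _members =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    // Highest uSNChanged processed so far; the next poll filters on
    // (uSNChanged>=HighestUsn+1) against the same domain controller.
    public long HighestUsn { get; private set; }

    public (List<string> Added, List<string> Removed) Apply(
        string groupDn, long usnChanged, IEnumerable<string> currentMembers)
    {
        var current = new HashSet<string>(currentMembers, StringComparer.OrdinalIgnoreCase);
        // A group seen for the first time has no snapshot: every member counts as added.
        if (!_members.TryGetValue(groupDn, out var previous))
            previous = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

        var added = current.Except(previous, StringComparer.OrdinalIgnoreCase).ToList();
        var removed = previous.Except(current, StringComparer.OrdinalIgnoreCase).ToList();

        _members[groupDn] = current;                       // new baseline for the next poll
        HighestUsn = Math.Max(HighestUsn, usnChanged);     // advance the high-water mark
        return (added, removed);
    }
}

static class Demo
{
    static void Main()
    {
        var tracker = new GroupMembershipTracker();
        const string group = "CN=Staff,OU=Groups,DC=example,DC=com"; // constructed DN

        // Constructed poll results: the full member list of the group, read
        // each time its uSNChanged passed the stored high-water mark.
        tracker.Apply(group, 1001, new[] { "CN=alice,DC=example,DC=com", "CN=bob,DC=example,DC=com" });
        var delta = tracker.Apply(group, 1042, new[] { "CN=bob,DC=example,DC=com", "CN=carol,DC=example,DC=com" });

        Console.WriteLine("added:   " + string.Join("; ", delta.Added));
        Console.WriteLine("removed: " + string.Join("; ", delta.Removed));
        Console.WriteLine("next filter: (uSNChanged>=" + (tracker.HighestUsn + 1) + ")");
    }
}
```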