Hello,
With an Active Directory 2003 domain we configured a synchronization job that should only synchronize one User Account. For that we set the canonical name filter.
Synchronizing only this one entry takes exceptionally long, about 40 minutes.
The issue does not seem to be network reachability, ping and regular ldap browsing are fast, DNS is working well also.
The Active Directory is pretty large though with over 100.000 user entries and over 1.000 containers, so a search over the whole AD would take time.
When checking the NsProviderTraceLog file, it's astonishing to me that over 20 minutes of the synchronization time pass with loading the schema.
Why is the Sync Job loading the schema at all? The schema for the domain has been initially loaded already. Can this part of the Sync Job be deactivated?
And is there a way to reduce the time for the actual synchronization itself? 15 minutes for synchronizing one single entry seems too long to me also. I wonder if maybe the ldap requests do not make good use of the canonical name filter.
I have attached the NsProviderTraceLog with little fixes to protect the not so innocent 
Best regards,
Michael