ADSI is a specialized directory, whereas LDAP is very general. ADSI does less than LDAP. The book _Understanding and Deploying LDAP Directory Services_ , which I would recommend not buying, characterizes ADSI as a "NOS-based directory... developed specifically to serve the needs of a network operating system."
My question is whether the yes/no answer is really that slow. I am using it in an application with over a million objects and over 150K users. I'm not using groups, however, there is no special distinction anymore between users, groups, etc, they are all objects.
I actually create private groups by setting the context_id of an object to the user_id.
It should be pointed out that having a permissioning system, and using one are two different things. Developers should carefully decide how to control access to database objects.
As and example in ACS: access to the admin pages, and thus all the objects accessible there is controlled by only a few permission records.
