Hi,

We are working on Active Directory synchronization with our application. We fetch users from certain groups. In first run all users will be fetched and synchronized, but next time onwards we want to fetch only changeset. i.e. users whose properties are updated or users who are added in some group. We can fetch updated users using whenChanged attribute. But if some user is added in a group, then user object is not updated, but group object is updated. We are not able to find out from group object what is changed after certain date. We are using LDAP to query Active Directory. Is there any way to fetch changes in group membership? Please suggest.

Thanks,
Rashmi