remove user from large policy group using ldap

How to effectively remove user from large policy group?
Now i use:
dirEntry = new DirectoryEntry(
dirEntry.Properties["msDS-PSOAppliesTo"].Remove(userDn);

problem: dirEntry only holds upto 1500 users. i have more than 1M users so i have to loop over using paging untill i find entry that holds the user, and only then call Remove(userDn). IT TAKES TO LONG, HOW DO I REMOVE THE USER POLICY MORE EFFECTIVELY?

CURRENT UNEFFECTIVE CODE:

DirectoryEntry dirEntry = null;
string LDAPQuery = LDAP_INIT + "CN=" + policy + ",CN=Password Settings Container,CN=System," + LDAP;
dirEntry = new DirectoryEntry(LDAPQuery, DOMAIN + "\\" + ADS_ADMIN.userName, ADS_ADMIN.pwd);
dirEntry.AuthenticationType = AuthenticationTypes.Secure;
int ctr = 0;
while (ctr < 1000)
{
if (ctr == 0)
  dirEntry.RefreshCache(new string[] { "msDS-PSOAppliesTo;range=0-1000" });
else
  dirEntry.RefreshCache(new string[] { "msDS-PSOAppliesTo;range=" + ((ctr * 1000) + 1).ToString() + "-" + ((ctr + 1) * 1000).ToString() });
if (dirEntry.Properties["msDS-PSOAppliesTo"].Contains(userDn))
{
  dirEntry.Properties["msDS-PSOAppliesTo"].Remove(userDn);
  dirEntry.CommitChanges();
  break;
}
ctr++;
}

Re: remove user from large policy group using ldap

You can remove the group from the memberof property of the user. You will need the DistinguishedName of the group as the GroupName

dirEntry.Properties["memberOf"].Remove(GroupName);

Re: remove user from large policy group using ldap

Not working, in ldap Member-of is read-only property

Re: remove user from large policy group using ldap

Seemed like that would work. Guess not. When I am adding/removing users from groups I normally use DE.Invoke("Remove", UserDistinguishedName). According to this link it will work and you should not have to loop through the members.