I am the Head of IT for the customer side.
Laserfiche is the product selected to replace a file server used by the company for several years.
With a basic file server, you have ACL granting access to AD users or AD groups to certain folders, subfolders or files and with the "hierarchy" principle.
Every auditing solution or even small "permissions reporter" tool is able to scan through the whole file server structure and report on the ACL rights configured "AT THE TIME OF THE REPORT".
None of these small tools is generating any AD requests as they simply take the information for granted.
As a side comment, we aren't using a typical Windows File Server but a NetApp filer (with CIFS features) and the same ACL reports are possible with that solution.
For various reasons (security, legal, client requirements...etc...) we have to report on the ACL:
* every month for IT reviews
* every 6 months for Global Company reviews
* every year for Legal / Certification requirements
* ad-hoc for client requests
At the moment, all these requests can be done in a few minutes with a small tool and with the file server structure.
By relocating all the data over to Laserfiche, we have asked to obtain the same reporting options and deliver the same reporting capacity than with our current NetApp filer / CIFS structure / Permissions Reports.
However, as of today, this is possible because we are facing performances issues, reporting issues, unnecessary AD requests...etc...
Similar to a file server, all the information exists in Laserfiche and there is NO NEED to query anything with any other component as we only want to report at the time of the execution.
At worst, I could see an option from Laserfiche saying: do you want to query for group members/nested group members, like other tools are offering, but without that choice, only the name of users/groups per folder would be required.
We are therefore asking LF to simply provide an ACL report from the data configured inside LF and nothing else.
With a small tool, the reports gets generated in a few minutes for the entire folders structure (and a limit to a hierarchy of 3 levels), if the report is possible, we would then also like to compare the performances with LF to generate such report.