WLC 4404 Integration with Microsoft AD can work but could you telll me what kind of radius-server are you using for wireless authentication? If the server is Cisco ACS, ACS does check with AD for every authentication (as does the controller); it does not cache the information. You should be able to go into Microsoft to turn on audit trail for successful & failed authentications. If you see AD being hit for every authentication, it would be Microsoft that would be causing the lag.