Here is my analysis on AD a decade ago, so I am not sure it is true anymore.
As you know that AD contains 'everything', so to speak. Then, there are many AD DC (Domain Controller) in the environment, most likely. AD DC replicate each other every hour (configurable). Unfortunately, we can only tap into one of the DC and this DC received update from many other DCs. And on top of that each DC maintain each own uSNChanged value.
uSNChanged value (the one that is usually used in the AD CDC persistent store) would changed if anything changed in the AD. Therefore, technically, AD is really sending a true delta, like you wish, but 80% (very conservative number) has nothing to do with the one (user data) that you need.
Now, talking about "...I do need the CDC for the immediate response requirements..."
That is a bogus requirement. Yeah, yeah, the customer say so, but in our world customer is not always right. I did mentioned that "AD DC replicate each other every hour (configurable)", right? So, technically, AD DC itself is violating the requirement to get immediate response from other DC.
How could they asked you to provide an immediate response if the source that you read could be 1 hour late?
So, the argument that I usually use is by asking 'how long does it take for AD DC to replicate?' then I configure TDI to schedule iterator at the same time period.
And last... treat yourself a beer if the customer agree to it, because this decision will safe you (and your customer) from future maintenance nightmare.
:-) Rgds. YN.