This operation returned because the timeout period expired error

Question

I extract a list of departments from AD like this using PowerShell:

$departments = Get-ADUser -Filter * -Property Department |
               Where-Object { $_.Department } |
               Select -Expand Department -Unique

With that list I validate my user input like this:

do {
    $Dept = Read-Host "Enter the desired department"
} until ($departments -contains $Dept)
$strFilter = "(&(objectCategory=User)(Department=*$Dept*))"
$colResults = Get-ADUser -LDAPFilter $strFilter |
              Select-Object -Expand DistinguishedName

But I am getting the following error message:

Get-ADUser : This operation returned because the timeout period expired 
At line:5 char:15 + $colResults = Get-ADUser -LDAPFilter $strFilter | 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException 
+ FullyQualifiedErrorId : This operation returned because the timeout period
  expired,Microsoft.ActiveDirectory.Management.Commands.GetADUser

What parameter I have to change in order to get over this timeout error?

Answer 1

Don't use (Department=*$Dept*) - you already know that an exact match exists for $Dept - (Department=$Dept) is sufficient

*$Dept* on the other hand prompts the DSA to inspect every single object in scope, not just for an exact match of $Dept but also whether a Department attribute value starts with, ends with or contains $Dept