shalan

Reputation: 25

Get-ADUser takes too long when filtering and using IF ELSE statements

A while ago I posted a question about exporting specific users' information from AD to a .CSV file (here). Thanks to the help of Santiago Squarzon I managed to make it work and filter just the way I want, except for one small detail - it takes the script 13 hours to finish executing. I modified some filters, removed one if statement and reduced that time to around 8.5h, but it's still unacceptable for me.

Short summary: I want to export all (enabled) AD users with the employee number attribute present. If it's not present, then check another attribute and so on, a total of 5 nested if statements. Then export it to a .CSV file.

Could you take a look at the part of the code below and help optimize it? I believe there are around 150k user accounts to check.

$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv"      
$param = @{
    LDAPFilter = "(&(!extensionAttribute9=0)(!employeenumber=svc)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
    ResultPageSize = 500
    Properties = @(
        'businesscategory'
        'extensionAttribute4'
        'extensionAttribute9'
        'extensionAttribute13'
        'employeenumber'
    ) 
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
    $param['Server'] = $_
    foreach($user in Get-ADUser @param) {
                if($user.EmployeeNumber -ne $null){
            [pscustomobject]@{
                Name                 = $user.Name
                SamAccountName       = $user.SamAccountName
                UserPrincipalName    = $user.UserPrincipalName
                BusinessCategory     = $user.businesscategory  -join ", "
                extensionAttribute4  = $user.extensionAttribute4 -join ", "
                extensionAttribute9  = $user.extensionAttribute9 -join ", "
                extensionAttribute13 = $user.extensionAttribute13 -join ", "
                DistinguishedName    = $user.DistinguishedName
                employeenumber       = $user.employeenumber
                Enabled              = $user.Enabled
                Domain               = $_ # Adding the Domain of this user here
        }} else {
            if($user.businesscategory -ne $null) {
                [pscustomobject]@{
                    Name                 = $user.Name
                    SamAccountName       = $user.SamAccountName
                    UserPrincipalName    = $user.UserPrincipalName
                    BusinessCategory     = $user.businesscategory  -join ", "
                    extensionAttribute4  = $user.extensionAttribute4 -join ", "
                    extensionAttribute9  = $user.extensionAttribute9 -join ", "
                    extensionAttribute13 = $user.extensionAttribute13 -join ", "
                    DistinguishedName    = $user.DistinguishedName
                    employeenumber       = $user.employeenumber
                    Enabled              = $user.Enabled
                    Domain               = $_ 
                }} else {
                    if($user.extensionAttribute4 -ne $null){
                        [pscustomobject]@{
                            Name                 = $user.Name
                            SamAccountName       = $user.SamAccountName
                            UserPrincipalName    = $user.UserPrincipalName
                            BusinessCategory     = $user.businesscategory  -join ", "
                            extensionAttribute4  = $user.extensionAttribute4 -join ", "
                            extensionAttribute9  = $user.extensionAttribute9 -join ", "
                            extensionAttribute13 = $user.extensionAttribute13 -join ", "
                            DistinguishedName    = $user.DistinguishedName
                            employeenumber       = $user.employeenumber
                            Enabled              = $user.Enabled
                            Domain               = $_
                    }} else {
                        if($user.extensionAttribute9 -ne $null){
                            [pscustomobject]@{
                                Name                 = $user.Name
                                SamAccountName       = $user.SamAccountName
                                UserPrincipalName    = $user.UserPrincipalName
                                BusinessCategory     = $user.businesscategory  -join ", "
                                extensionAttribute4  = $user.extensionAttribute4 -join ", "
                                extensionAttribute9  = $user.extensionAttribute9 -join ", "
                                extensionAttribute13 = $user.extensionAttribute13 -join ", "
                                DistinguishedName    = $user.DistinguishedName
                                employeenumber       = $user.employeenumber
                                Enabled              = $user.Enabled
                                Domain               = $_
                        }} else {
                            if($user.extensionAttribute13 -ne $null){
                                [pscustomobject]@{
                                    Name                 = $user.Name
                                    SamAccountName       = $user.SamAccountName
                                    UserPrincipalName    = $user.UserPrincipalName
                                    BusinessCategory     = $user.businesscategory  -join ", "
                                    extensionAttribute4  = $user.extensionAttribute4 -join ", "
                                    extensionAttribute9  = $user.extensionAttribute9 -join ", "
                                    extensionAttribute13 = $user.extensionAttribute13 -join ", "
                                    DistinguishedName    = $user.DistinguishedName
                                    employeenumber       = $user.employeenumber
                                    Enabled              = $user.Enabled
                                    Domain               = $_
                            }} else {
                                if($user.SamAccountName -like "*_A*"){
                                    [pscustomobject]@{
                                        Name                 = $user.Name
                                        SamAccountName       = $user.SamAccountName
                                        UserPrincipalName    = $user.UserPrincipalName
                                        BusinessCategory     = $user.businesscategory  -join ", "
                                        extensionAttribute4  = $user.extensionAttribute4 -join ", "
                                        extensionAttribute9  = $user.extensionAttribute9 -join ", "
                                        extensionAttribute13 = $user.extensionAttribute13 -join ", "
                                        DistinguishedName    = $user.DistinguishedName
                                        employeenumber       = $user.employeenumber
                                        Enabled              = $user.Enabled
                                        Domain               = $_
                                }}
                                }
                            }
                        }
                    }
                }
                }
} | Export-Csv "$env:userprofile\Documents\$filename" -Delimiter ';' -NoTypeInformation

'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' are (I believe) 4 different sub-domains in one domain tree: domain1.test.com, domain2.test.com etc.

Upvotes: 1

Views: 252

Answers (1)

Santiago Squarzon

Reputation: 60145

Not meant as an answer but to prove a point, will delete after.

$user = [pscustomobject]@{
    SamAccountName = '_A'
    EmployeeNumber = $null
    businesscategory = $null
    extensionAttribute4 = $null
    extensionAttribute9 = $null
    extensionAttribute13 = $null
}

# your code
if($user.EmployeeNumber -ne $null){ $user }
else { if($user.businesscategory -ne $null) { $user }
else { if($user.extensionAttribute4 -ne $null){ $user }
else { if($user.extensionAttribute9 -ne $null){ $user }
else { if($user.extensionAttribute13 -ne $null){ $user }
else { if($user.SamAccountName -like "*_A*"){ $user }}}}}}

# can be reduced to one condition
# (Not implying this is faster)
if(
    $user.EmployeeNumber -or
    $user.businesscategory -or
    $user.extensionAttribute4 -or
    $user.extensionAttribute9 -or
    $user.extensionAttribute13 -or
    $user.SamAccountName -like "*_A*"
) {
    $user
}

# but above can be translated to the following LDAP Filter, which is faster
(|
    (EmployeeNumber=*)
    (businesscategory=*)
    (extensionAttribute4=*)
    (extensionAttribute9=*)
    (extensionAttribute13=*)
    (SamAccountName=*_A*)
)

Upvotes: 1
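
The answer's point applied to the question's script, as an added example that is not part of either post: the question's exclusions and the answer's OR clause are combined into one LDAP filter, so the domain controller returns only matching users and a single object shape replaces the nested ifs. The filter is written in strict parenthesised form, and `$filter` and `$domain` are names introduced here.

```powershell
$name     = Read-Host -Prompt 'Please enter the name for output file.'
$filename = $name + '.csv'

# The question's three exclusions AND the answer's "any of these is present"
# OR clause, evaluated by the directory server instead of by the script.
$filter = '(&' +
    '(!(extensionAttribute9=0))' +
    '(!(employeenumber=svc))' +
    '(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))' +
    '(|' +
        '(EmployeeNumber=*)' +
        '(businesscategory=*)' +
        '(extensionAttribute4=*)' +
        '(extensionAttribute9=*)' +
        '(extensionAttribute13=*)' +
        '(SamAccountName=*_A*)' +
    '))'

$param = @{
    LDAPFilter     = $filter
    ResultPageSize = 500
    Properties     = @(
        'businesscategory', 'extensionAttribute4', 'extensionAttribute9',
        'extensionAttribute13', 'employeenumber'
    )
}

'DOMAIN1', 'DOMAIN2', 'DOMAIN3', 'DOMAIN4' | ForEach-Object {
    $domain = $_                 # keep the domain name for the output column
    $param['Server'] = $domain
    foreach ($user in Get-ADUser @param) {
        # Every user returned already satisfies the filter: no if/else needed.
        [pscustomobject]@{
            Name                 = $user.Name
            SamAccountName       = $user.SamAccountName
            UserPrincipalName    = $user.UserPrincipalName
            BusinessCategory     = $user.businesscategory -join ', '
            extensionAttribute4  = $user.extensionAttribute4 -join ', '
            extensionAttribute9  = $user.extensionAttribute9 -join ', '
            extensionAttribute13 = $user.extensionAttribute13 -join ', '
            DistinguishedName    = $user.DistinguishedName
            employeenumber       = $user.employeenumber
            Enabled              = $user.Enabled
            Domain               = $domain
        }
    }
} | Export-Csv "$env:userprofile\Documents\$filename" -Delimiter ';' -NoTypeInformation
```

Because the `useraccountcontrol` clause already excludes disabled accounts, the `Enabled` column is True on every row and is kept only to match the original CSV layout.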
