Question:
I’m trying to develop a powershell script to help with AD Group Membership management. We have a handful of large groups (30k-60k+ objects) that we want to update with data from another system.
The script loads the objects that should be in the group from a text file. Each object then has to be located in AD using a System.DirectoryServices.DirectorySearcher. After that, each object is added to the group membership.
The script spends some 80% of its time looking up each object. Is there a bulk way to find objects in AD with PowerShell?
Thanks!
Answer:
This is the fast way to query AD that I found in my experience. You need to change the query to find specific objects; in this code you’ll find all user/person objects in $objRecordSet.
```powershell
# ADS_SCOPE_SUBTREE: search the base object and everything below it
$Ads_Scope_SubTree = 2

# Open an ADO connection through the ADSI OLE DB provider
$objConnection = New-Object -com "ADODB.Connection"
$objCommand = New-Object -com "ADODB.Command"
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection

# Page the results (1000 per page) so large result sets are returned in full
$objCommand.Properties.Item("Page Size").value = 1000
$objCommand.Properties.item("Searchscope").value = $Ads_Scope_SubTree

# Change the query to select the objects you need
$objCommand.CommandText = "Select Name From 'LDAP://DC = int, DC= my, DC = local' Where objectCategory = 'Person'"
$objRecordSet = $objCommand.Execute()
$objRecordSet.RecordCount
```
More info here
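
For the bulk lookup the question asks about, one option is to resolve many names per query by OR-ing them into a single LDAP filter, escaping each value from the text file so a stray `*`, `(` or `)` cannot alter the filter. This is an added example, not code from the original question or answer; it assumes the file holds one sAMAccountName per line, and the function names, `members.txt` and the batch size of 500 are hypothetical.

```powershell
# Added example. Function names, members.txt and the batch size are assumptions.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex digits
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Find-AdObjectsBulk {
    param(
        [Parameter(Mandatory)][string[]]$SamAccountName,
        [string]$SearchRoot = 'LDAP://DC=int,DC=my,DC=local',  # domain from the answer above
        [int]$BatchSize = 500
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchRoot)
    $searcher.PageSize = 1000
    $searcher.SearchScope = 'Subtree'
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName'))

    $found = @{}   # sAMAccountName -> distinguishedName (keys are case-insensitive)
    try {
        for ($i = 0; $i -lt $SamAccountName.Count; $i += $BatchSize) {
            $last = [Math]::Min($i + $BatchSize, $SamAccountName.Count) - 1
            # One query per batch: (|(sAMAccountName=a)(sAMAccountName=b)...)
            $terms = $SamAccountName[$i..$last] | ForEach-Object {
                '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue $_)
            }
            $searcher.Filter = '(|{0})' -f (-join $terms)
            $results = $searcher.FindAll()
            try {
                foreach ($r in $results) {
                    $name = [string]$r.Properties['samaccountname'][0]
                    $found[$name] = [string]$r.Properties['distinguishedname'][0]
                }
            } finally {
                $results.Dispose()   # SearchResultCollection holds unmanaged resources
            }
        }
    } finally {
        $searcher.Dispose()
    }
    $found
}

# Usage: skip blank lines, resolve everything, then report names AD did not return
$wanted  = Get-Content .\members.txt | Where-Object { $_.Trim() }
$map     = Find-AdObjectsBulk -SamAccountName $wanted
$missing = $wanted | Where-Object { -not $map.ContainsKey($_) }
```

Names left in `$missing` were not found under the search root and should be reviewed before the group is changed, rather than silently skipped.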