Slow powershell script....any way to speed it up?

Posted on 2010-08-22
Last Modified: 2012-08-13
I use the Quest AD cmdlets to update certain AD attributes, but I've noticed the script is "slow" (takes approx. 1-2 seconds per AD object). I'm updating 600+ AD objects and @ 1-2 seconds per object, the time adds up. I'm wondering if someone can tell me if this is normal or there's a more efficient way to rewrite my script. I noticed that when the script updates an object, the shell window shows/scrolls a list of attributes for the object (I'd assume the default properties). That's why I used the "-IncludedProperties" switch to see if that made a difference since I'm only targeting a handful of attributes...I know this switch works for the Get-QADUser but not sure if it's working for the Set-QADUser.
# Read source TXT file
$users = Get-Content -Path 'C:\users.txt'

# Look through each of the users and set AD attributes
foreach($user in $users){
	Set-QADUser -Identity $user -IncludedProperties mail,department -ObjectAttributes @{mail='something';department='something'}

Open in new window

Question by:bndit
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 42

Accepted Solution

sedgwick earned 150 total points
ID: 33498905
Set-QADUser does return output after successfully completing.  If you'd like to have it not display the output on screen just assign the Set-QADUser command output to $null.

$null = Set-QADUser -Identity $user -IncludedProperties mail,department -ObjectAttributes @{mail='something';department='something'}

(taken from
LVL 42

Expert Comment

ID: 33498910
that alone should decrease time span of Set-QADUser
LVL 13

Assisted Solution

soostibi earned 150 total points
ID: 33498942
Maybe, the other factor that can speed up the script is to create a permanent conenction to AD:

$c = Connect-QADService -Service

And with this where you use Set-QADUser use the connection parameter, and maybe you do not have to use the -includedproperties parameter at all, but you should compare the two versions. The output can also be suppressed by converting the result to [void]:

[void] (Set-QADUser -Connection $c -Identity $user -ObjectAttributes @{mail='something';department='something'} )
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

LVL 42

Expert Comment

ID: 33498957

>>The output can also be suppressed by converting the result to [void]:

which is the same as assign the result to $null...

Author Comment

ID: 33507250
Thank you both of you; your suggestions really helped and sped up my script although I found that the [void] approach reduced the execution time to 5secs per $user while the $null approach reduced it to 12secs per $user.


The only thing that I didn't use from your suggestion was the "permanent connection" to AD. However, I do my connection outside the ForEach block (see the attached code), and I'm wondering if doing the connection to AD as you suggest would help even more to reduce the execution time.

# Connect to Active Directory provider.
$pwd = Read-Host "Enter Password: " -AsSecureString
$DC = ''
$connAccount = 'ADAccount'

Connect-QADService -service $DC -ConnectionAccount $connAccount -ConnectionPassword $pwd

ForEach <...>

[void] (Set-QADUser -Identity $user -ObjectAttributes @{mail='something';department='something'} ) 

# Disconnect from Active Directory provider.

Open in new window

LVL 13

Expert Comment

ID: 33508392
But use it as I did. So put the result of the connect-qadservice to a variable, and use it at Set-QADUser with -connection parameter. If you do not do this, the Set-QADUser may create a connection every time.

Author Comment

ID: 33508407
Ok, I'll try that. Thanks again.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question