?
Solved

Slow powershell script....any way to speed it up?

Posted on 2010-08-22
7
Medium Priority
?
2,053 Views
Last Modified: 2012-08-13
I use the Quest AD cmdlets to update certain AD attributes, but I've noticed the script is "slow" (takes approx. 1-2 seconds per AD object). I'm updating 600+ AD objects and @ 1-2 seconds per object, the time adds up. I'm wondering if someone can tell me if this is normal or there's a more efficient way to rewrite my script. I noticed that when the script updates an object, the shell window shows/scrolls a list of attributes for the object (I'd assume the default properties). That's why I used the "-IncludedProperties" switch to see if that made a difference since I'm only targeting a handful of attributes...I know this switch works for the Get-QADUser but not sure if it's working for the Set-QADUser.
# Read source TXT file
$users = Get-Content -Path 'C:\users.txt'

# Look through each of the users and set AD attributes
foreach($user in $users){
	Set-QADUser -Identity $user -IncludedProperties mail,department -ObjectAttributes @{mail='something';department='something'}
	}

Open in new window

0
Comment
Question by:bndit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 42

Accepted Solution

by:
sedgwick earned 600 total points
ID: 33498905
Set-QADUser does return output after successfully completing.  If you'd like to have it not display the output on screen just assign the Set-QADUser command output to $null.

$null = Set-QADUser -Identity $user -IncludedProperties mail,department -ObjectAttributes @{mail='something';department='something'}

(taken from http://www.powergui.org/thread.jspa?messageID=32130)
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33498910
that alone should decrease time span of Set-QADUser
0
 
LVL 13

Assisted Solution

by:soostibi
soostibi earned 600 total points
ID: 33498942
Maybe, the other factor that can speed up the script is to create a permanent conenction to AD:

$c = Connect-QADService -Service yourdc.youdomain.com:389

And with this where you use Set-QADUser use the connection parameter, and maybe you do not have to use the -includedproperties parameter at all, but you should compare the two versions. The output can also be suppressed by converting the result to [void]:

[void] (Set-QADUser -Connection $c -Identity $user -ObjectAttributes @{mail='something';department='something'} )
       
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 42

Expert Comment

by:sedgwick
ID: 33498957
@soostibi

>>The output can also be suppressed by converting the result to [void]:

which is the same as assign the result to $null...
0
 
LVL 2

Author Comment

by:bndit
ID: 33507250
Thank you both of you; your suggestions really helped and sped up my script although I found that the [void] approach reduced the execution time to 5secs per $user while the $null approach reduced it to 12secs per $user.

@soostibi

The only thing that I didn't use from your suggestion was the "permanent connection" to AD. However, I do my connection outside the ForEach block (see the attached code), and I'm wondering if doing the connection to AD as you suggest would help even more to reduce the execution time.


# Connect to Active Directory provider.
$pwd = Read-Host "Enter Password: " -AsSecureString
$DC = 'DC.domain.com:386'
$connAccount = 'ADAccount'

Connect-QADService -service $DC -ConnectionAccount $connAccount -ConnectionPassword $pwd

ForEach <...>

[void] (Set-QADUser -Identity $user -ObjectAttributes @{mail='something';department='something'} ) 

# Disconnect from Active Directory provider.
Disconnect-QADService

Open in new window

0
 
LVL 13

Expert Comment

by:soostibi
ID: 33508392
But use it as I did. So put the result of the connect-qadservice to a variable, and use it at Set-QADUser with -connection parameter. If you do not do this, the Set-QADUser may create a connection every time.
0
 
LVL 2

Author Comment

by:bndit
ID: 33508407
Ok, I'll try that. Thanks again.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question