Optimize Powershell (Quest AD) script to populate AD group

Hello,

I have a script that I'd like to use to maintain distribution groups in Active Directory current. I search for a keyword in the title AD attribute and then I add the member to the group. My script works, but it seems that it's taking a little while to complete. I've used the [void] types in an attempt to speed up the script but still slow especially when adding 1000+ users to the group. Another area where my script might be slow is in the fact that I "rebuild" the group every time....in other words, I clear it first and then add the members all over again.

I'm looking to see if someone out there can provide me with tips on how to speed up this script. Thanks.
# Params
$filter = "(title=*keyword*)"
$scope = 'dc=domain,dc=local'
$Group = Get-QADGroup -Identity "My-Group"

# Clear group
[void](Set-QADGroup -Identity $Group.DN -Member $NULL)

# Get all enabled Active Directory accounts
$Searcher = Get-QADUser -Enabled -SearchRoot $scope -IncludedProperties title -LdapFilter $filter  -SizeLimit 0

# Add each account to the specified group
$Searcher | ForEach-Object {
	[void](Add-QADGroupMember -Identity $Group.DN -Member $_.DN )
	}

Open in new window

LVL 2
bnditAsked:
Who is Participating?
 
Dale HarrisConnect With a Mentor Professional Services EngineerCommented:
I noticed you're not piping anything. This should speed things up a little.  Since the actual VOID of the group is pretty much instant, we won't save much time there.

$filter = "(title=*keyword*)"
$scope = 'dc=domain,dc=local'
$Group = Get-QADGroup -Identity "My-Group"

# Clear group
[void](Set-QADGroup -Identity $Group.DN -Member $NULL)

# Get all enabled Active Directory accounts and add them to the group
Get-QADUser -Enabled -SearchRoot $scope -IncludedProperties title -LdapFilter $filter  -SizeLimit 0 | %{Add-QADGroupMember -Identity $Group.DN -Member $_.DN}

It would help if you were able to reduce the amount of Users that come up via a smaller OU starting point.  The LDAPFilter still has to be applied to every single user found.  If you had only 300 users to search through instead of 5000, that would save the time.  Try to see if you can get as granular as possible without having to go through AD.   You have it pretty much figured out though.

HTH,
Dale Harris
0
 
bnditAuthor Commented:
Thanks Dale....unfortunately, I have to crawl the entire AD domain because OU are not in place at the time, but I totally agree with you. Once the OU structure is in place I'll tweak the script to target smaller user sets. I made the change and seems to be working Ok...not sure how much "faster" it is but I'll go with your suggestion.

Thanks again.
0
 
bnditAuthor Commented:
thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.