Solved

Optimize Powershell (Quest AD) script to populate AD group

Posted on 2011-09-14
3
873 Views
Last Modified: 2012-05-12
Hello,

I have a script that I'd like to use to maintain distribution groups in Active Directory current. I search for a keyword in the title AD attribute and then I add the member to the group. My script works, but it seems that it's taking a little while to complete. I've used the [void] types in an attempt to speed up the script but still slow especially when adding 1000+ users to the group. Another area where my script might be slow is in the fact that I "rebuild" the group every time....in other words, I clear it first and then add the members all over again.

I'm looking to see if someone out there can provide me with tips on how to speed up this script. Thanks.
# Params
$filter = "(title=*keyword*)"
$scope = 'dc=domain,dc=local'
$Group = Get-QADGroup -Identity "My-Group"

# Clear group
[void](Set-QADGroup -Identity $Group.DN -Member $NULL)

# Get all enabled Active Directory accounts
$Searcher = Get-QADUser -Enabled -SearchRoot $scope -IncludedProperties title -LdapFilter $filter  -SizeLimit 0

# Add each account to the specified group
$Searcher | ForEach-Object {
	[void](Add-QADGroupMember -Identity $Group.DN -Member $_.DN )
	}

Open in new window

0
Comment
Question by:bndit
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
Dale Harris earned 250 total points
ID: 36539680
I noticed you're not piping anything. This should speed things up a little.  Since the actual VOID of the group is pretty much instant, we won't save much time there.

$filter = "(title=*keyword*)"
$scope = 'dc=domain,dc=local'
$Group = Get-QADGroup -Identity "My-Group"

# Clear group
[void](Set-QADGroup -Identity $Group.DN -Member $NULL)

# Get all enabled Active Directory accounts and add them to the group
Get-QADUser -Enabled -SearchRoot $scope -IncludedProperties title -LdapFilter $filter  -SizeLimit 0 | %{Add-QADGroupMember -Identity $Group.DN -Member $_.DN}

It would help if you were able to reduce the amount of Users that come up via a smaller OU starting point.  The LDAPFilter still has to be applied to every single user found.  If you had only 300 users to search through instead of 5000, that would save the time.  Try to see if you can get as granular as possible without having to go through AD.   You have it pretty much figured out though.

HTH,
Dale Harris
0
 
LVL 2

Author Comment

by:bndit
ID: 36539815
Thanks Dale....unfortunately, I have to crawl the entire AD domain because OU are not in place at the time, but I totally agree with you. Once the OU structure is in place I'll tweak the script to target smaller user sets. I made the change and seems to be working Ok...not sure how much "faster" it is but I'll go with your suggestion.

Thanks again.
0
 
LVL 2

Author Closing Comment

by:bndit
ID: 37149378
thank you.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Set OWA language and time zone in Exchange for individuals, all users or per database.
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question