Solved

Get SamAccountName from Name with Powershell

Posted on 2014-10-08
7
509 Views
Last Modified: 2014-10-09
Hi EE

I have about 80k names that I need to pull the SamAccountName for each ..

The way below took like 20 mins and I stopped it .. it had only pulled for 2000 accounts .. Can someone help me on making this
better with PS? I know this is not the best way ..

$Name = get-content C:\:Powershell\Names.txt
 $Name | Foreach {

 get-qaduser -Name $_
 } | Select samaccountname,Name,canon* | Export-csv SamAccountnames.csv -nti
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40369890
Have you tried dsquery.exe as it is faster.  Run the following:

squery * -filter "&(objectClass=person)(objectCategory=user)" -attr cn samaccountname -limit 0 > samaccounts.txt
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 40369898
Hi Mohammed ..thank you for the tip .. Ideally I would like it to be PowerShell ..
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40369904
I see you are using get-qaduser which is using Quest AD modules.  Do you Win2008 or Win2003?  If you have Win2008 or higher, you could try get-aduser which I have found to be faster.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Expert Comment

by:Learnctx
ID: 40369957
Part of the problem is you're doing 80,000 LDAP sequential LDAP calls. So straight off the bat your efficiency sucks. You would be better off potentially doing 1 single LDAP call and bringing back all of the user accounts with the properties you want. I would do it more like this (I don't use the Quest cmdlets so you will need to modify for those).

$Name = get-content C:\:Powershell\Names.txt
Get-ADUser -Filter * -Properties CanonicalName | Where-Object {$Name -contains $_.sAMAccountName} | Select samaccountname,Name,canon* | Export-csv SamAccountnames.csv -nti

Open in new window


20 minutes for 2,000 users seems excessive though. I would look at the performance of your Domain Controllers or look at using something other than the Quest cmdlets if they perform so slowly (either the PowerShell cmdlets or just .NET LDAP lookup). In my testing I am able to pull back 150,000 objects in 3 minutes using the AD cmdlets and export them to CSV.
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 40369973
Thanks Learnctx ... This is definitely way better .. I appreciate the info ... If I only need the SAmAccountName in the outfile ..

how would you modify your script ?
0
 
LVL 17

Accepted Solution

by:
Learnctx earned 500 total points
ID: 40370035
If you just want the sAMAccountName attribute then just remove Name and CanonicalName from the Select.
$Name = get-content C:\:Powershell\Names.txt
Get-ADUser -Filter * | Where-Object {$Name -contains $_.sAMAccountName} | Select samaccountname | Export-csv SamAccountnames.csv -nti

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40370934
Thank you .. much better then what I was doing .
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question