优化Get-ADUser过滤器 [英] Optimize Get-ADUser filter
问题描述
在AD中,我试图识别在2条或更多条记录中填充了相同EmployeeID值的用户帐户.以下是我的一段代码(信贷:我正在使用 ="https://www.powershellgallery.com/packages/Show-Progress/0.0.1定义的 Show-Progress 函数/Content/Show-Progress.psm1"rel =" nofollow noreferrer>此处),仅 Get-ADUser 命令已花费了2个多小时来提取所有记录.其他步骤(2到5)非常快.当我完成工作时,我想知道如果使用PowerShell可以更有效地完成这项工作.
Get-ADUser -LDAPFilter"(&((ObjectCategory = Person)(objectclass = user)(employeeid = *))"-属性$ properties-服务器$ server_AD_GC -ResultPageSize 1000 |#*在这里发行*#Get-ADUser提取过程似乎非常缓慢.#但是,请务必注意,上述命令将检索超过200K条记录#注意:我推断employeeid是一个索引属性,并被复制到GlobalCatalogs,因此已在过滤器中使用它Show-Progress -Activity(1/5)获取AD用户..."|选择$ selectPropsList -OutVariable results_UsersBaseSet |组对象EmployeeID |Show-Progress -Activity(2/5)在EmployeeID上分组..."|?{$ _.Count -gt 1} |Show-Progress -Activity(3/5)仅过滤dup EmpID记录..."|选择-Exp组|Show-Progress -Activity(4/5)取消分组..."|Export-Csv"C:\ Users \ me \ op_GetADUser_w_EmpID_Dupes_EntireForest-$([datetime] ::: Now.ToString("MM-dd-yyyy_hhmmss")).csv"-NoTypeInformation |Show-Progress -Activity(5/5)导出中..."|空空 PS:我还尝试过首先将所有用户帐户导出到一个csv文件,然后使用Excel进行后处理,但是由于数据集的大小,而且时间和内存都非常紧缩,我不得不皱眉头./p>
任何建议都值得赞赏.
由于我们不知道 $ properties 或 $ selectPropsList 中的内容,因此您的问题确实是只是要找出向哪个用户发出了相同的EmployeeID,对吗?
默认情况下,Get-ADUser已经返回以下属性:
专有名称,启用, GivenName , Name , ObjectClass , ObjectGUID , SamAccountName , SID ,姓氏, UserPrincipalName
因此,您所需要的就是我想的EmployeeID.尝试收集很多物产的确会减慢速度,因此将其减少到最低限度有助于加快处理速度.
接下来,通过使用链接到的 Show-Progress 脚本,您将大大降低脚本的执行速度.您是否真的需要进度条?为什么不直接将带有活动步骤的行直接写到控制台呢?
此外,将所有内容整理在一起对速度部门也无济于事.
$ server_AD_GC ='YourServer'$ selectPropsList ='雇员ID','名称','SamAccountName','启用'$ outFile =" C:\ Users \ me \ op_GetADUser_w_EmpID_Dupes_EntireForest-$([datetime] :: Now.ToString(" MM-dd-yyyy_hhmmss")).csv"写主机步骤(1/4)获取AD用户...".$ users = Get-ADUser -Filter" EmployeeID -like'*'"-属性EmployeeID-服务器$ server_AD_GC -ResultPageSize 1000写入主机在EmployeeID上分组的步骤(2/4)...".$ dupes = $ users |组对象-属性EmployeeID |哪里对象{$ _.Count -gt 1}写主机步骤(3/4)收集重复...".$ result = foreach($ group中的$ group){$ group.Group |选择对象$ selectPropsList}写主机步骤(4/4)导出...".$ result |Export-Csv-路径$ outFile -NoTypeInformation写主机全部完成".-前景颜色绿色 P.S. Get-ADUser 已经仅返回用户对象,因此不需要LDAP过滤器(ObjectCategory = Person)(objectclass = user).使用 -Filter"EmployeeID -like'*'" 可能更快
In AD, I'm trying to identify user accounts where the same EmployeeID value is populated in 2 or more records. Below is my piece of code (Credit: I'm using a Show-Progress function defined here) and the Get-ADUser command alone has taken more than 2 hours to fetch all the records. The other steps (2 to 5) have been pretty quick. While I've completed the work, I'm trying to know if this could've been done more efficiently with PowerShell.
Get-ADUser -LDAPFilter "(&(ObjectCategory=Person)(objectclass=user)(employeeid=*))" -Properties $properties -Server $server_AD_GC -ResultPageSize 1000 |
# *ISSUE HERE*
# The Get-ADUser extract process seems to work very slow.
# However, it is important to note that the above command will be retrieving more than 200K records
# NOTE: I've inferred that employeeid is an indexed attribute and is replicated to GlobalCatalogs and hence have used it in the filter
Show-Progress -Activity "(1/5) Getting AD Users ..." |
select $selectPropsList -OutVariable results_UsersBaseSet |
Group-Object EmployeeID |
Show-Progress -Activity "(2/5) Grouping on EmployeeID ..." |
? { $_.Count -gt 1 } |
Show-Progress -Activity "(3/5) Filtering only dup EmpID records ..." |
select -Exp Group |
Show-Progress -Activity "(4/5) UnGrouping ..." |
Export-Csv "C:\Users\me\op_GetADUser_w_EmpID_Dupes_EntireForest - $([datetime]::Now.ToString("MM-dd-yyyy_hhmmss")).csv" -NoTypeInformation |
Show-Progress -Activity "(5/5) Exporting ..." |
Out-Null
PS: I've also tried to first export all the user accounts to a csv file and then post-process with Excel but I had to frown because of the size of the dataset and it was both time and memory crunching.
Any suggestion is highly appreciated.
Since we don't know what is in $properties or $selectPropsList, your question is really only about finding out to which users the same EmployeeID has been issued, right?
By default, Get-ADUser already returns these properties:
DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
So all you need extra is the EmployeeID I guess. Trying to collect LOTS of properties does slow down, so keeping this to a bare minimum helps to speed things up.
Next, by using the Show-Progress script you have linked to, you will slow down the execution of the script considerably. Do you really need to have a progress bar?
Why not simply write the lines with activity steps directly to the console?
Also, piping everything together doesn't help in the speed department either..
$server_AD_GC = 'YourServer'
$selectPropsList = 'EmployeeID', 'Name', 'SamAccountName', 'Enabled'
$outFile = "C:\Users\me\op_GetADUser_w_EmpID_Dupes_EntireForest - $([datetime]::Now.ToString("MM-dd-yyyy_hhmmss")).csv"
Write-Host "Step (1/4) Getting AD Users ..."
$users = Get-ADUser -Filter "EmployeeID -like '*'" -Properties EmployeeID -Server $server_AD_GC -ResultPageSize 1000
Write-Host "Step (2/4) Grouping on EmployeeID ..."
$dupes = $users | Group-Object -Property EmployeeID | Where-Object { $_.Count -gt 1 }
Write-Host "Step (3/4) Collecting duplicates ..."
$result = foreach ($group in $dupes) {
$group.Group | Select-Object $selectPropsList
}
Write-Host "Step (4/4) Exporting ..."
$result | Export-Csv -Path $outFile -NoTypeInformation
Write-Host "All done" -ForegroundColor Green
P.S. Get-ADUser already returns user objects only, so there is no need for the LDAP filter (ObjectCategory=Person)(objectclass=user). Using -Filter "EmployeeID -like '*'" is probably faster
这篇关于优化Get-ADUser过滤器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
