This might be specific to my Windows Server environment and PoSH scripting, but using -SearchBase with PowerShell's Get-ADComputer gives me faster results. You can use this to your own advantage; here is a little example to speed up AD DS queries.
Optimize performance of Active Directory Domain Services (AD DS) queries via PowerShell
Imagine the scenario where you need to get a list of servers connected to your Active Directory Domain. Because you need a specific set of servers, for example only web servers, or only Windows Server 2019, you use conditions.
In PowerShell you can easily accomplish this using Get-ADComputer:
PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and (OperatingSystem -like "Windows Server 2019*")}).DNSHostName
nyc-srv-320.example.net
nyc-srv-321.example.net
nyc-srv-322.example.net
nyc-srv-323.example.net
nyc-srv-324.example.net
nyc-srv-325.example.net
PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName
la-srv-280.example.net
la-srv-285.example.net
la-srv-279.example.net
la-srv-284.example.net
la-srv-281.example.net
la-srv-292.example.net
la-srv-282.example.net
la-srv-283.example.net
[!snip!]
la-srv-350.example.net
nyc-srv-302.example.net
nyc-srv-303.example.net
nyc-srv-304.example.net
nyc-srv-305.example.net
nyc-srv-306.example.net
nyc-srv-307.example.net
nyc-srv-308.example.net
nyc-srv-309.example.net
[!snip!]
nyc-srv-350.example.net
In this example, there is a small performance gain in using the -SearchBase parameter. But first, what does SearchBase do? The Get-ADComputer cmdlet documentation describes it as follows:
-SearchBase
Specifies an Active Directory path to search under. When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.
When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services target, the default value of this parameter is the default naming context of the target domain.
When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.
When the value of the SearchBase parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a global catalog port, an error is thrown.
Using Measure-Command{} you can see how long a command takes. The Measure-Command cmdlet runs a script block or cmdlet internally, times the execution of the operation, and returns the execution time.
Let's wrap the Get-ADComputer command in a Measure-Command{} block:
PS C:\Users\janreilink> Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))} -SearchBase "OU=Webservers,OU=Computers,DC=global,DC=example,DC=net").DNSHostName }
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 44
Ticks : 447605
TotalDays : 5.18061342592593E-07
TotalHours : 1.24334722222222E-05
TotalMinutes : 0.000746008333333333
TotalSeconds : 0.0447605
TotalMilliseconds : 44.7605
Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName }
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 75
Ticks : 758727
TotalDays : 8.7815625E-07
TotalHours : 2.107575E-05
TotalMinutes : 0.001264545
TotalSeconds : 0.0758727
TotalMilliseconds : 75.8727
As you can see, in this particular example the gain is roughly 30ms. It may not be much, but every little speed increase counts, right :)
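A single Measure-Command run is sensitive to caching and network jitter, so the comparison above can be repeated and summarized. The script below is an added example, not part of the original post: it times both queries over several runs and then lists any matching computers that live outside the OU, which a scoped query would silently leave out of an inventory. The helper name Measure-AdQuery and the run count of 20 are assumptions; the filter and OU are the ones used above.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

# Filter and OU are taken from this post; replace both with values from your own directory.
$filter     = '(Enabled -eq $true) -and ((DNSHostName -like "nyc-srv-*") -or (DNSHostName -like "la-srv-*"))'
$searchBase = 'OU=Webservers,OU=Computers,DC=global,DC=example,DC=net'

function Measure-AdQuery {
    # Hypothetical helper: times $Query $Runs times and returns the spread in milliseconds.
    param(
        [Parameter(Mandatory)] [string] $Label,
        [Parameter(Mandatory)] [scriptblock] $Query,
        [ValidateRange(1, 1000)] [int] $Runs = 20   # assumed repetition count
    )
    & $Query | Out-Null                              # warm-up run, not timed
    $ms     = @(foreach ($i in 1..$Runs) { (Measure-Command -Expression $Query).TotalMilliseconds })
    $sorted = @($ms | Sort-Object)
    $mid    = [int][math]::Floor($sorted.Count / 2)
    $median = if ($sorted.Count % 2) { $sorted[$mid] } else { ($sorted[$mid - 1] + $sorted[$mid]) / 2 }
    $stats  = $ms | Measure-Object -Minimum -Maximum
    [pscustomobject]@{
        Query    = $Label
        Runs     = $Runs
        MinMs    = [math]::Round($stats.Minimum, 1)
        MedianMs = [math]::Round($median, 1)
        MaxMs    = [math]::Round($stats.Maximum, 1)
    }
}

$scoped   = { Get-ADComputer -Filter $filter -SearchBase $searchBase }
$unscoped = { Get-ADComputer -Filter $filter }

@(
    Measure-AdQuery -Label 'with -SearchBase'    -Query $scoped
    Measure-AdQuery -Label 'without -SearchBase' -Query $unscoped
) | Format-Table -AutoSize

# A narrower search base is only a valid optimisation if no matching computer lives
# outside that OU. List every match the scoped query does not return.
$inOu    = @((& $scoped).DistinguishedName)
$outside = @((& $unscoped).DistinguishedName | Where-Object { $_ -notin $inOu })
"{0} matching computer(s) outside {1}" -f $outside.Count, $searchBase
$outside
```

If the last command prints any distinguished names, the scoped query is faster partly because it returns fewer machines, and a script that relies on it for patching or auditing would miss those hosts.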