Use -SearchBase with Get-ADComputer for faster results

Using -SeachBase with PowerShell's Get-ADComputer gives me faster results with AD DS queries.
Published on Thursday, 15 August 2019

This might be specific to my Windows Server environment and PoSH scripting, but using -SeachBase with PowerShell's Get-ADComputer gives me faster results. You can use this for your own advantage, here is a little example to speed up AD DS queries.


Optimize performance of Active Directory Domain Services (AD DS) queries via PowerShell

Imagine the scenario where you need to get a list of servers connected to your Active Directory Domain. Because you need a specific set of servers, for example only web servers, or only Windows Server 2019, you use conditions.

In PowerShell you can easily accomplish this using Get-ADComputer:

PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and (OperatingSystem -like "Windows Server 2019*")}).DNSHostName
nyc-srv-320.example.net
nyc-srv-321.example.net
nyc-srv-322.example.net
nyc-srv-323.example.net
nyc-srv-324.example.net
nyc-srv-325.example.net
PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName
la-srv-280.example.net
la-srv-285.example.net
la-srv-279.example.net
la-srv-284.example.net
la-srv-281.example.net
la-srv-292.example.net
la-srv-282.example.net
la-srv-283.example.net
[!snip!]
la-srv-350.example.net
nyc-srv-302.example.net
nyc-srv-303.example.net
nyc-srv-304.example.net
nyc-srv-305.example.net
nyc-srv-306.example.net
nyc-srv-307.example.net
nyc-srv-308.example.net
nyc-srv-309.example.net
[!snip!]
nyc-srv-350.example.net

WMI Filters for Group Policy to manage Windows Server versions

In this example, there is a small performance gain in using a -SearchBase parameter. But first, what does SearchBase? The Get-ADComputer cmdlet documentation describes:

-SearchBase
Specifies an Active Directory path to search under.

When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.

When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services target, the default value of this parameter is the default naming context of the target domain.

When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.

When the value of the SearchBase parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a global catalog port, an error is thrown.

Get-ADComputer

Using Measure-Command{} you can see how long a command takes. The Measure-Command cmdlet runs a script block or cmdlet internally, times the execution of the operation, and returns the execution time.

Let's wrap the Get-ADComputer command in a Measure-Command{} block:

PS C:\Users\janreilink> Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))} -SearchBase "OU=Webservers,OU=Computers,DC=global,DC=example,DC=net").DNSHostName }


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 0
Milliseconds      : 44
Ticks             : 447605
TotalDays         : 5.18061342592593E-07
TotalHours        : 1.24334722222222E-05
TotalMinutes      : 0.000746008333333333
TotalSeconds      : 0.0447605
TotalMilliseconds : 44.7605

Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName }


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 0
Milliseconds      : 75
Ticks             : 758727
TotalDays         : 8.7815625E-07
TotalHours        : 2.107575E-05
TotalMinutes      : 0.001264545
TotalSeconds      : 0.0758727
TotalMilliseconds : 75.8727

As you can see, in this particular example the gain is roughly 30ms. It may not be much, but every little speed increase counts, right :)