Mail-Enabled Nested Groups

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Tore Groneng Tore Groneng 3 years, 3 months ago.

  • Author
    Posts
  • #13931
    Profile photo of KevinB
    KevinB
    Participant

    Hello all,
    First time posting so bear with me... 😀

    I've been given a task to take a list of user accounts (roughly 80,000) and export all groups they are a member of, including nested groups, but only those with a mail address. So the problem I'm running into is the fact that this script takes an extremely long time to finish. I've tried to eliminate any extra script, but still... 10+ hours to run. Also, when I execute the script in PSv3 or v4 the powershell process eats multiple GB of ram after it's been running a while. So I've resorted to using a custom export-csv function that can append, since I seem to only be able to use PSv2.

    $users = import-csv c:\app_users.csv
    foreach ($user in $users)
    {
    get-qadmemberof $user.samaccountname -indirect|
    where {$_.email -ne $null}|
    select @{name="User";expression={$user.samaccountname}},DN,email|
    export-csv c:\users-result.csv -append –notype
    }

    Any suggestions are very appreciated!!
    KevinB

  • #13937
    Profile photo of Tore Groneng
    Tore Groneng
    Participant

    hi,

    Good God, a nice challenge :-). If I understand you correctly, you have two issues. Speed and memory consumption when the script runs. Ideally you would like a script that runs fast without consuming much memory, like Winnie the Pooh, Both please. Reducing on of them might have impact on the other.

    Some suggestions:

    1. If you have trust enabled to other AD forests, you might want to look into adding the KeepForeignSecurityPrincipals parameter-switch for the get-qadmemberof cmdlet.
    2. Next I would investigate the performance impact on applying the UseDefaultExcludedProperties parameter in combination with the IncludedProperties parameter since you only require the sAMAccountname, dn, email attributes in your export
    3. Experimental: Split the script up in more pieces and use import-clixml and export-clixml to "cache" data locally

    Shot back any questions you have

    Cheers

You must be logged in to reply to this topic.