Author Posts

November 6, 2014 at 4:39 am

I've been a long time lurker here and have a PowerShell question that relates to Active Directory. In order to reduce some of the time it takes for PowerShell queries and jobs to finish, I'm considering indexing Active Directory attributes, either in the general sense or by leveraging deferred indexing with Windows 2012 domain controllers.

Does anyone here have experience with indexing Active Directory attributes, or know where I can find more information about disk utilization and measured improvements as it pertains to PowerShell?

Thanks.

November 6, 2014 at 7:20 am

I don't have any experience doing this but that's an extremely interesting idea I never thought of before.

November 6, 2014 at 8:36 am

Performance benefits are will be very much linked to the size of AD. What size of AD do you have?

Also of course depends on the type of jobs your are running and how you are running them (i.e. standard powershell or powershell workflows)?

November 6, 2014 at 10:19 am

Impact is in the query itself and not Powershell-specific. ANR flag needs to be set to perform ANR type queries otherwise enable indexing on particular AD attribute and/or container index. It all depends what exactly you are attempting to query, size of AD overall, return object and how many attributes, etc. All of that will impact the performance increase you will experience and how you need to configure the search flags.

Here's a good read to help put it all together:

http://bit.ly/1xkkJgX

-Collin

November 6, 2014 at 4:00 pm

I have done this before but very selectively and only when it serves a real business need, not just for my convenience. A user automation process that my organization needed uses the employeenumber attribute to reference accounts and indexing this attribute sped up searches pretty significantly. I have seen no noticeable performance or replication issues stemming from this.

We're not talking a huge directory though, about 20,000 users.