To index or not to index attributes in a green field AD environment?

This topic contains 4 replies, has 5 voices, and was last updated by Profile photo of Matt McNabb Matt McNabb 2 years, 1 month ago.

  • Author
    Posts
  • #20389
    Profile photo of awake
    awake
    Participant

    I've been a long time lurker here and have a PowerShell question that relates to Active Directory. In order to reduce some of the time it takes for PowerShell queries and jobs to finish, I'm considering indexing Active Directory attributes, either in the general sense or by leveraging deferred indexing with Windows 2012 domain controllers.

    Does anyone here have experience with indexing Active Directory attributes, or know where I can find more information about disk utilization and measured improvements as it pertains to PowerShell?

    Thanks.

  • #20393
    Profile photo of Adam Bertram
    Adam Bertram
    Participant

    I don't have any experience doing this but that's an extremely interesting idea I never thought of before.

  • #20399
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    Performance benefits are will be very much linked to the size of AD. What size of AD do you have?

    Also of course depends on the type of jobs your are running and how you are running them (i.e. standard powershell or powershell workflows)?

  • #20415
    Profile photo of Collin Chaffin
    Collin Chaffin
    Participant

    Impact is in the query itself and not Powershell-specific. ANR flag needs to be set to perform ANR type queries otherwise enable indexing on particular AD attribute and/or container index. It all depends what exactly you are attempting to query, size of AD overall, return object and how many attributes, etc. All of that will impact the performance increase you will experience and how you need to configure the search flags.

    Here's a good read to help put it all together:

    http://bit.ly/1xkkJgX

    -Collin

  • #20430
    Profile photo of Matt McNabb
    Matt McNabb
    Participant

    I have done this before but very selectively and only when it serves a real business need, not just for my convenience. A user automation process that my organization needed uses the employeenumber attribute to reference accounts and indexing this attribute sped up searches pretty significantly. I have seen no noticeable performance or replication issues stemming from this.

    We're not talking a huge directory though, about 20,000 users.

You must be logged in to reply to this topic.