I was looking for a possibility of a fast LDAP search with PowerShell for a daily report. I wanted to create the following report automatically:
How many users have been migrated until now? (all users with a certain property)
I experimented with three possibilities and came up with the following:
3 ways to search with PowerShell
I took several paths because I wasn’t satisfied with the respective results. Finally, the solution with the System.DirectoryServices.Protocols turned out to be the fastest. First, I am going to present an overview over all possibilities and their results. Then, I will explain all three and go into more detail.
3 possibilities of the LDAP search with PowerShell – Search with 40,000 user objects
LDAP search with PowerShell – ADSI saves 50% time
The Active Directory domain I searched was still in Windows 2003 mode. That’s why I unfortunately couldn’t use the Microsoft cmdlets for Active Directory. I had to try something else and started with this:
The first thing I tried was the Quest Active Directory CmdLet Get-QADuser:
The LDAP search with PowerShell for 40,000 user accounts took about 25 minutes.
As the execution of this script was always the last task of a my long migration days, 25 minutes were not acceptable to me.
My next try was using the ADSI interface with the “System.DirectoryServices.DirectorySearcher” object:
This resulted in a much faster search of 10-15 minutes. But I wasn’t satisfied yet:
Fast LDAP search with Find-LdapObject – 90% time reduction
I talked to our developers if there was something else I could try. And (thanks to Peter) I found the “System.DirectoryServices.Protocols“. Here is the link to the Microsoft Website.
If necessary, you have to download the modules, save them locally and load them into PowerShell:
Afterwards, the new cmdlets can be used. And one of these is:
With Find-LdapObject, searching 40,000 user accounts took less than 2 minutes.
…at last, I was satifsfied 🙂
Are you looking for Active Directory Tools? Visit us: FirstAttribute