Get-ADUser 在过滤和使用 IF ELSE 语句时花费的时间太长
Get-ADUser takes too long when filtering and using IF ELSE statements
不久前我发布了一个关于将特定用户信息从 AD 导出到 .CSV 文件的问题 ()。
感谢 Santiago Squarzon 的帮助,我设法让它按照我想要的方式工作和过滤,除了一个小细节——脚本需要 13 个小时才能完成执行。
我修改了一些过滤器,删除了一个 if 语句并将该时间减少到 8.5 小时左右,但这对我来说仍然是无法接受的。
简短摘要:我想导出所有(已启用)具有员工编号属性的 AD 用户。如果不存在,则检查其他属性等,总共 5 个嵌套 if 语句。然后将其导出为 .CSV 文件。
你能看一下下面的部分代码并帮助优化它吗?我相信大约有 15 万个用户帐户需要检查。
$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv"
$param = @{
LDAPFilter = "(&(!extensionAttribute9=0)(!employeenumber=svc)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
ResultPageSize = 500
Properties = @(
'businesscategory'
'extensionAttribute4'
'extensionAttribute9'
'extensionAttribute13'
'employeenumber'
)
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
$param['Server'] = $_
foreach($user in Get-ADUser @param) {
if($user.EmployeeNumber -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_ # Adding the Domain of this user here
}} else {
if($user.businesscategory -ne $null) {
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute4 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute9 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute13 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.SamAccountName -like "*_A*"){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}}
}
}
}
}
}
}
} | Export-Csv "$env:userprofile\Documents$filename" -Delimiter ';' -NoTypeInformation
'DOMAIN1'、'DOMAIN2'、'DOMAIN3'、'DOMAIN4' 是(我相信)一个域树中的 4 个不同的子域:domain1.test.com、domain2.test.com等
不是回答而是为了证明一点,之后会删除。
$user = [pscustomobject]@{
SamAccountName = '_A'
EmployeeNumber = $null
businesscategory = $null
extensionAttribute4 = $null
extensionAttribute9 = $null
extensionAttribute13 = $null
}
# your code
if($user.EmployeeNumber -ne $null){ $user }
else { if($user.businesscategory -ne $null) { $user }
else { if($user.extensionAttribute4 -ne $null){ $user }
else { if($user.extensionAttribute9 -ne $null){ $user }
else { if($user.extensionAttribute13 -ne $null){ $user }
else { if($user.SamAccountName -like "*_A*"){ $user }}}}}}
# can be reduced to one condition
# (Not implying this is faster)
if(
$user.EmployeeNumber -or
$user.businesscategory -or
$user.extensionAttribute4 -or
$user.extensionAttribute9 -or
$user.extensionAttribute13 -or
$user.SamAccountName -like "*_A*"
) {
$user
}
# but above can be translated to the following LDAP Filter, which is faster
(|
(EmployeeNumber=*)
(businesscategory=*)
(extensionAttribute4=*)
(extensionAttribute9=*)
(extensionAttribute13=*)
(SamAccountName=*_A*)
)
不久前我发布了一个关于将特定用户信息从 AD 导出到 .CSV 文件的问题 (if 语句并将该时间减少到 8.5 小时左右,但这对我来说仍然是无法接受的。
简短摘要:我想导出所有(已启用)具有员工编号属性的 AD 用户。如果不存在,则检查其他属性等,总共 5 个嵌套 if 语句。然后将其导出为 .CSV 文件。
你能看一下下面的部分代码并帮助优化它吗?我相信大约有 15 万个用户帐户需要检查。
$name = Read-Host -Prompt "Please enter the name for output file."
$filename = $name + ".csv"
$param = @{
LDAPFilter = "(&(!extensionAttribute9=0)(!employeenumber=svc)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
ResultPageSize = 500
Properties = @(
'businesscategory'
'extensionAttribute4'
'extensionAttribute9'
'extensionAttribute13'
'employeenumber'
)
}
'DOMAIN1','DOMAIN2','DOMAIN3','DOMAIN4' | ForEach-Object {
$param['Server'] = $_
foreach($user in Get-ADUser @param) {
if($user.EmployeeNumber -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_ # Adding the Domain of this user here
}} else {
if($user.businesscategory -ne $null) {
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute4 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute9 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.extensionAttribute13 -ne $null){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}} else {
if($user.SamAccountName -like "*_A*"){
[pscustomobject]@{
Name = $user.Name
SamAccountName = $user.SamAccountName
UserPrincipalName = $user.UserPrincipalName
BusinessCategory = $user.businesscategory -join ", "
extensionAttribute4 = $user.extensionAttribute4 -join ", "
extensionAttribute9 = $user.extensionAttribute9 -join ", "
extensionAttribute13 = $user.extensionAttribute13 -join ", "
DistinguishedName = $user.DistinguishedName
employeenumber = $user.employeenumber
Enabled = $user.Enabled
Domain = $_
}}
}
}
}
}
}
}
} | Export-Csv "$env:userprofile\Documents$filename" -Delimiter ';' -NoTypeInformation
'DOMAIN1'、'DOMAIN2'、'DOMAIN3'、'DOMAIN4' 是(我相信)一个域树中的 4 个不同的子域:domain1.test.com、domain2.test.com等
不是回答而是为了证明一点,之后会删除。
$user = [pscustomobject]@{
SamAccountName = '_A'
EmployeeNumber = $null
businesscategory = $null
extensionAttribute4 = $null
extensionAttribute9 = $null
extensionAttribute13 = $null
}
# your code
if($user.EmployeeNumber -ne $null){ $user }
else { if($user.businesscategory -ne $null) { $user }
else { if($user.extensionAttribute4 -ne $null){ $user }
else { if($user.extensionAttribute9 -ne $null){ $user }
else { if($user.extensionAttribute13 -ne $null){ $user }
else { if($user.SamAccountName -like "*_A*"){ $user }}}}}}
# can be reduced to one condition
# (Not implying this is faster)
if(
$user.EmployeeNumber -or
$user.businesscategory -or
$user.extensionAttribute4 -or
$user.extensionAttribute9 -or
$user.extensionAttribute13 -or
$user.SamAccountName -like "*_A*"
) {
$user
}
# but above can be translated to the following LDAP Filter, which is faster
(|
(EmployeeNumber=*)
(businesscategory=*)
(extensionAttribute4=*)
(extensionAttribute9=*)
(extensionAttribute13=*)
(SamAccountName=*_A*)
)