Get-QADUser against Managed Unit is Slower than Entire Domain

Hey Everyone,

Just wondering if I am missing a parameter or maybe its just the way it is supposed to work.

I have the 2 below queries I am testing. One against the entire domain and one against a Managed Unit which should contain my true targets.

Searching the entire domain (50K users ) is a lot faster than targeting the Managed Unit (800 users)

$date = (Get-Date).AddDays(-31)

$stopwatch1 =  [system.diagnostics.stopwatch]::StartNew()
$deproUsers1 = Get-QADUser -SizeLimit 0 -proxy -SearchRoot "DC=mydomain,DC=com" -DontUseDefaultIncludedProperties -ObjectAttributes @{edsvaACDeprovisionDate='*'} -IncludedProperties samaccountname,mail,employeeNumber,edsvaACDeprovisionDate,edsvaACLeaveDate,extensionAttribute2 -SerializeValues | Where-Object { [DateTime]$_.edsvaACDeprovisionDate -le $date } | Select-Object samaccountname,mail,employeeNumber,edsvaACDeprovisionDate,edsvaACLeaveDate
$stopwatch1.Stop()

$stopwatch2 =  [system.diagnostics.stopwatch]::StartNew()
$deproUsers2 = Get-QADUser -SizeLimit 0 -proxy -SearchRoot 'CN=DeprovisionedAccounts,CN=Users,CN=Hidden,CN=My Company,CN=Managed Units,CN=Configuration' -DontUseDefaultIncludedProperties -ObjectAttributes @{edsvaACDeprovisionDate='*'} -IncludedProperties samaccountname,mail,employeeNumber,edsvaACDeprovisionDate,edsvaACLeaveDate,extensionAttribute2 -SerializeValues | Where-Object { [DateTime]$_.edsvaACDeprovisionDate -le $date } | Select-Object samaccountname,mail,employeeNumber,edsvaACDeprovisionDate,edsvaACLeaveDate
$stopwatch2.Stop()


$stopwatch1.Elapsed.TotalSeconds
$stopwatch2.Elapsed.TotalSeconds

$deproUsers1.count
$deproUsers2.count

6,7517274
19,1901357

52
52

I would of thought setting the searchroot to a Managed Unit would be exponentially quicker since it is already a subset of the entire managed domain

If this is expected behavior then it would only be useful for really complex Managed Unit rules where the same filtering cannot be performed on the command line.

Possibly AR causing a complete refresh on the MU before it pulls the data?

Thanks for any input

Clay

Parents Reply Children
No Data