• State Not Answered
  • Replies 12 replies
  • Subscribers 62 subscribers
  • Views 4273 views
  • Users 0 members are here
Options
Related

Get-QADUser vs Get-ADUser

Lee Andrews
over 1 year ago

I'm just wondering why there seems to be such a massive performance difference between the Get-QADuser and Get-ADuser.  I know the QAD commands return a lot more data and I have to use them when I need access to the virtual attributes defined in my environment but the speed difference is a millennium apart.  

This takes 6 seconds - measure-command { Get-ADUser    -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2)(employeeID=*)(employeeNumber=*))))' }  
This takes 2 minutes  - measure-command { Get-QADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2)(employeeID=*)(employeeNumber=*))))'     -proxy -SizeLimit 0 }  

2 minutes seems like a lifetime when debugging :-) 

I've taken to loading the AD commandlets more and more despite feeling that they are somewhat inferior to the Quest commandlets but convincing others that they shoul dbe using them is pretty hard when the first script they write using them runs so sloooooooly.


Parents
  • 0 over 1 year ago

    I re-jigged Lee's command lines for my environment as shown and set the the "Quest cmdlet Progress Policy" NOT to display the progress bar.

    measure-command { Get-ADUser  -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' }

    measure-command { Get-QADUser -DontUseDefaultIncludedProperties -DontConvertValuesToFriendlyRepresentation -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))'    -SizeLimit 0 }  


    For a small 3500 user AD, I obtained the following results:

    Seconds : 12
    Milliseconds : 951
    Ticks : 129511830
    TotalDays : 0.000149897951388889
    TotalHours : 0.00359755083333333
    TotalMinutes : 0.21585305
    TotalSeconds : 12.951183
    TotalMilliseconds : 12951.183

    Seconds : 27
    Milliseconds : 603
    Ticks : 276037552
    TotalDays : 0.000319487907407407
    TotalHours : 0.00766770977777778
    TotalMinutes : 0.460062586666667
    TotalSeconds : 27.6037552
    TotalMilliseconds : 27603.7552

  • 0 over 1 year ago in reply to JohnnyQuest

    clear-host
    $t1 = measure-command { $users1 = Get-ADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' }
    $t2 = measure-command { $users2 = Get-QADUser -DontUseDefaultIncludedProperties -DontConvertValuesToFriendlyRepresentation -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy:$false }
    $t3 = measure-command { $users3 = Get-QADUser -DontUseDefaultIncludedProperties -DontConvertValuesToFriendlyRepresentation -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy }
    $t4 = measure-command { $users4 = Get-QADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy:$false }
    $t5 = measure-command { $users5 = Get-QADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -proxy }
    write-host "AD commandlet runtime .......................: $($t1.Minutes) Minutes $($t1.Seconds) seconds"
    write-host "QAD commandlet runtime no defaults...........: $($t2.Minutes) Minutes $($t2.Seconds) seconds"
    write-host "QAD commandlet runtime no defaults w proxy ..: $($t3.Minutes) Minutes $($t3.Seconds) seconds"
    write-host "QAD commandlet runtime ......................: $($t4.Minutes) Minutes $($t4.Seconds) seconds"
    write-host "QAD commandlet runtime w proxy ..............: $($t5.Minutes) Minutes $($t5.Seconds) seconds"


    and the score on the door is :

    AD commandlet runtime ......................................: 0 Minutes 9 seconds
    QAD commandlet runtime no defaults..................: 0 Minutes 13 seconds
    QAD commandlet runtime no defaults w proxy ...: 1 Minutes 53 seconds
    QAD commandlet runtime ...................................: 1 Minutes 46 seconds
    QAD commandlet runtime w proxy ......................: 2 Minutes 9 seconds


    Given in an ARS environment I HAVE to use the proxy switch I'm still disappointed with the performance.  It's using an SQL backend and I'd expect similar performance when excluding all the default parameters possibly faster after all the SQL server only has the ARS client querying it.  

Reply
  • 0 over 1 year ago in reply to JohnnyQuest

    clear-host
    $t1 = measure-command { $users1 = Get-ADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' }
    $t2 = measure-command { $users2 = Get-QADUser -DontUseDefaultIncludedProperties -DontConvertValuesToFriendlyRepresentation -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy:$false }
    $t3 = measure-command { $users3 = Get-QADUser -DontUseDefaultIncludedProperties -DontConvertValuesToFriendlyRepresentation -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy }
    $t4 = measure-command { $users4 = Get-QADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -Proxy:$false }
    $t5 = measure-command { $users5 = Get-QADUser -LdapFilter '(&(sAMAccountType=805306368)(!(|(userAccountControl:1.2.840.113556.1.4.803:=2))))' -SizeLimit 0 -proxy }
    write-host "AD commandlet runtime .......................: $($t1.Minutes) Minutes $($t1.Seconds) seconds"
    write-host "QAD commandlet runtime no defaults...........: $($t2.Minutes) Minutes $($t2.Seconds) seconds"
    write-host "QAD commandlet runtime no defaults w proxy ..: $($t3.Minutes) Minutes $($t3.Seconds) seconds"
    write-host "QAD commandlet runtime ......................: $($t4.Minutes) Minutes $($t4.Seconds) seconds"
    write-host "QAD commandlet runtime w proxy ..............: $($t5.Minutes) Minutes $($t5.Seconds) seconds"


    and the score on the door is :

    AD commandlet runtime ......................................: 0 Minutes 9 seconds
    QAD commandlet runtime no defaults..................: 0 Minutes 13 seconds
    QAD commandlet runtime no defaults w proxy ...: 1 Minutes 53 seconds
    QAD commandlet runtime ...................................: 1 Minutes 46 seconds
    QAD commandlet runtime w proxy ......................: 2 Minutes 9 seconds


    Given in an ARS environment I HAVE to use the proxy switch I'm still disappointed with the performance.  It's using an SQL backend and I'd expect similar performance when excluding all the default parameters possibly faster after all the SQL server only has the ARS client querying it.  

Children
  • 0 over 1 year ago in reply to Lee Andrews

    The thing is, technically you don't HAVE to use the proxy switch unless:

    1) You are relying on override account credentials in Active Roles to access your domain(s) and/or
    2) You are trying to work with virtual attributes

    ...and clearly, neither of these are true (100% of the time?) since you implied that you are (at least sometimes?) able to get done what you need using Get-ADUser?Relaxed

  • 0 over 1 year ago in reply to JohnnyQuest

    I have quite a lot of virtual attributes in my environment making the quest commandlets a requirement.  I still think the commandlets are great and would love to use them all the time and encouraging other to use them can be difficult when they see a performance dip.  I only use the quest commandlets now when I need a virtual attribute or am updating objects.  As you mentioned before adding an operationReason is invaluable.