Parsing attributes for dynamic groups

jraines 1 month ago

Hello :-)

I have a need for preferably a dynamic group that can parse an attribute and compare to a list of values.

Example - ADUser Title attribute - "F387-IT Operations Manager"

I need to parse the value before the "-" for "F387", then look up that value in a list of up to 4500 values to see if there's a match.

If there is a match, then I want the AD user to be a member of the dynamic group.

How can I build this in a way is dynamic and yet performance doesn't take a hit? For reference, I've got >40K ADUsers. Doing "Get-ADUser -filter {...}" takes 30+ seconds across all 40K users.

Regards,

Jon

0 CM 2 days ago

Jon,

When you convert a group to become Dynamic, the wizard easily lets you use this behavior.
Just use Include by query.

Narrow the Find scope to Users, define highest level OU where you want the filter to begin
Advanced Tab:
Select Department attribute and qualifier Starts with , value = F387
Preview and see how long it takes to populate, that would be general Full Rebuild time, deltas are quick as users pop in and out of AD with those values defined in their attribute.

I believe in background it converts the query to raw LDAP or ADSI using the EDMS connection, so about as efficient as you can get it.

the qualifiers is what can cause it to take the biggest hit.

In order of efficiency:

Equals

Starts With

Present

Not Present

Ends With

Contains (basically about the slowest since it is more or less using wildcards on both side if your string)

Clay
Cancel
Up 0 Down

Reply

Verify Answer

Cancel