我们有一个拥有500万用户的Active Directory。尝试使用Powershell脚本提取用户时,出现错误“ Get-ADUser:由于超时时间已到期,此操作返回。”
已经尝试在网络上搜索优化的脚本。以下是我们所拥有的。大约50万用户可以正常使用。
Import-Module ActiveDirectory
$Users = Get-ADUser -SearchBase "CN=Users,DC=*****,DC=*****,DC=*****" -Server "*****" -ResultPageSize 1 -LDAPFilter "(&(objectCategory=User)(whenCreated>=20190101000000.0Z)(whenCreated<=20190131235959.0Z))" -Properties WhenCreated | Select-Object Name, WhenCreated
$Users | Export-Csv C:\Temp\January2019.csv -NoTypeInformation
答案 0 :(得分:1)
Get-ADUser和PowerShell提供给您的所有其他cmdlet都很方便,但是在性能方面却很糟糕。
最好使用.NET的DirectorySearcher,PowerShell的缩写为[ADSISearcher]。是的,它的代码更多,但是很多更快。这是一个示例,该示例应执行您想要的操作(确保更改OU和服务器的前两行):
$server = "****"
$ou = "CN=Users,DC=*****,DC=*****,DC=*****"
$searcher = [ADSISearcher]"(&(objectCategory=User)(whenCreated>=20190101000000.0Z)(whenCreated<=20190131235959.0Z))"
$searcher.PropertiesToLoad.Add("whenCreated") #We only want the whenCreated attribute
$searhcer.PageSize = 200 #Get the users in pages of 200
$searcher.SearchRoot = [ADSI]"LDAP://$server/$ou"
$ADObjects = @()
foreach($result in $searcher.FindAll()) {
#The SearchResultCollection doesn't output in PowerShell very well, so here we create
#a PSObject for each results with the properties that we can export later
[Array]$propertiesList = $result.Properties.PropertyNames
$obj = New-Object PSObject
foreach($property in $propertiesList) {
$obj | add-member -membertype noteproperty -name $property -value ([string]$result.Properties.Item($property))
}
$ADObjects += $obj
}
$ADObjects | Export-Csv C:\Temp\January2019.csv -NoTypeInformation
答案 1 :(得分:0)
感谢您的所有帮助。不用使用Get-ADUser,我可以使用CSVDE(LDIFDE变体,允许将数据导出到CSV文件)提取用户,而没有任何问题。
CSVDE -f D:\ Temp \ ADUseru.csv -d“ CN = Users,DC = *****,DC = *****,DC = *****” -r“(& (objectClass = user)(objectCategory = person)(whenCreated> = 20120101000000.0Z)(whenCreated <= 20121231235959.0Z))“ -l”名称,创建时,memberOf,sAMAccountName“