Sysadmins of the North
Share now!





Use -SearchBase with Get-ADComputer for faster results

This might be specific to my Windows Server environment and PoSH scripting, but using -SeachBase with PowerShell’s Get-ADComputer gives me faster results. You can use this for your own advantage, here is a little example to speed up AD DS queries.

Optimize performance of Active Directory Domain Services (AD DS) queries via PowerShell

Imagine the scenario where you need to get a list of servers connected to your Active Directory Domain. Because you need a specific set of servers, for example only web servers, or only Windows Server 2019, you use conditions.

In PowerShell you can easily accomplish this using Get-ADComputer:

PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and (OperatingSystem -like "Windows Server 2019*")}).DNSHostName
nyc-srv-320.example.net
nyc-srv-321.example.net
nyc-srv-322.example.net
nyc-srv-323.example.net
nyc-srv-324.example.net
nyc-srv-325.example.net
PS C:\Users\janreilink> (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName
la-srv-280.example.net
la-srv-285.example.net
la-srv-279.example.net
la-srv-284.example.net
la-srv-281.example.net
la-srv-292.example.net
la-srv-282.example.net
la-srv-283.example.net
[!snip!]
la-srv-350.example.net
nyc-srv-302.example.net
nyc-srv-303.example.net
nyc-srv-304.example.net
nyc-srv-305.example.net
nyc-srv-306.example.net
nyc-srv-307.example.net
nyc-srv-308.example.net
nyc-srv-309.example.net
[!snip!]
nyc-srv-350.example.net

In this example, there is a small performance gain in using a -SearchBase parameter. But first, what does SearchBase? The Get-ADComputer cmdlet documentation describes:

-SearchBase
Specifies an Active Directory path to search under.

When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.

When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services target, the default value of this parameter is the default naming context of the target domain.

When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.

When the value of the SearchBase parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a global catalog port, an error is thrown.

Get-ADComputer

Using Measure-Command{} you can see how long a command takes. Let’s wrap the Get-ADComputer command in a Measure-Command{} block:

PS C:\Users\janreilink> Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))} -SearchBase "OU=Webservers,OU=Computers,DC=global,DC=example,DC=net").DNSHostName }


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 0
Milliseconds      : 44
Ticks             : 447605
TotalDays         : 5.18061342592593E-07
TotalHours        : 1.24334722222222E-05
TotalMinutes      : 0.000746008333333333
TotalSeconds      : 0.0447605
TotalMilliseconds : 44.7605

Measure-Command{ (Get-ADComputer -Filter {(enabled -eq $True) -and ((DNSHostname -like "nyc-srv-*") -or (DNSHostname -like "la-srv-*"))}).DNSHostName }


Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 0
Milliseconds      : 75
Ticks             : 758727
TotalDays         : 8.7815625E-07
TotalHours        : 2.107575E-05
TotalMinutes      : 0.001264545
TotalSeconds      : 0.0758727
TotalMilliseconds : 75.8727

As you can see, in this particular example the gain is roughly 30ms. It may not be much, but every little thing -and speed increase- counts, right 🙂

This may interest you:   Various articles (tech and non-tech)

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.

follow me on:


Thank you!

Leave a Comment:

1 comment
Add Your Reply
Skip to content FBnI vJ vK qbFIiYXFYEQz