I’ve been a long time lurker here and have a PowerShell question that relates to Active Directory. In order to reduce some of the time it takes for PowerShell queries and jobs to finish, I’m considering indexing Active Directory attributes, either in the general sense or by leveraging deferred indexing with Windows 2012 domain controllers.
Does anyone here have experience with indexing Active Directory attributes, or know where I can find more information about disk utilization and measured improvements as it pertains to PowerShell?
Impact is in the query itself and not Powershell-specific. ANR flag needs to be set to perform ANR type queries otherwise enable indexing on particular AD attribute and/or container index. It all depends what exactly you are attempting to query, size of AD overall, return object and how many attributes, etc. All of that will impact the performance increase you will experience and how you need to configure the search flags.
I have done this before but very selectively and only when it serves a real business need, not just for my convenience. A user automation process that my organization needed uses the employeenumber attribute to reference accounts and indexing this attribute sped up searches pretty significantly. I have seen no noticeable performance or replication issues stemming from this.
We’re not talking a huge directory though, about 20,000 users.