While working on Active directory group membership automation for one of the project where the group we were working with had more than 20000 members, We have observed that our script has slowed down so much that adding and remove 500-600 users from the group is taking hours to complete which was earlier very quick with in minutes.
We analyzed the code and it was processing 100 members at ones which we thought was enough to increase performance but it stuck for long time on adding or removing members.
Eventually script completes but taking so much time that our next feed gets delayed or we started missing some of our feeds.
We moved the script to windows 2012 machine and it again start performing at a great pace and we thought its something to do with power shell version but we were wrong as it started to behave the same after certain number of days.
Than suddenly it struck to us that it may be related to the domain controllers it was connecting.
To check it we ran Get-ADDomainController and we found the cause, session was going to different AD site Domain Controller.
This explained us the reason for slowness and to resolve it we have used below line in our script.
$PSDefaultParameterValues = @{“*-AD*:Server”=’Domaincontroller.Domain.Com’}
This parameter will direct the Ad-module to connect to Particular Domain Controller.
I hope this post will assist you if you are in the similar situation.
Thanks for reading.
Sukhija Vikas
Tech Wizard 