
I am trying to find recursively the groups on folders and their distinguished names (DN) through an extensive structure of directories / subdirectories on a NAS share.

I made code and it works, but it is slow and gobbles up memory for some reason.

I am looking for help to understand what I might be doing wrong, or if there is a faster / less memory intensive way to do this.

  • It seems to slow down where it takes each $acct and creates the $acctsQADObject with Get-QADObject.

  • I see 8-10 $acct per container (directory), and it takes about 5 seconds or more to process each.

  • It seems like each iteration of $acct is caching something that it does not release, so each loop of $acct you can watch memory increase by 0.02+ MB.

  • I was popping off the $acct from $accts and trying to force $acctsQADObject to $null to try and get some memory to clear. It does not seem to help at all though. The $groups hash is then taken to another function to get the users for each group, but I think that is fine.

Note: The Get-QADObject was from quest.com, and their forum seems pretty silent, so I was hoping to find help here.

The code I have to date:

    # Start with the root folder, then append every subfolder beneath it
    $containers = @(Get-Item -Path $Path | ? {$_.psIscontainer})
    $containers += Get-ChildItem -Path $Path -Recurse | ? {$_.psIscontainer}

    if ($null -eq $containers) {break}
    while ($containers) {
        # Pop the first folder; the remainder is copied into a new array
        $container,$containers = $containers
        Write-Output "Container: " $container
        $accts=$null
        $accts=@()
        # One entry per ACE on the folder
        $accts = @((Get-ACL $container.fullname).Access)
        while ($accts) {
            $acct,$accts = $accts
            $acctsQADObject = $null
            # One directory query per ACE (this is the slow step)
            $acctsQADObject = Get-QADObject -PageSize 1000 -DontUseDefaultIncludedProperties -SizeLimit 0 -Identity ([string]$acct.IdentityReference)
            if ($acctsQADObject.ObjectClass -contains 'group') {
                $Name = $acctsQADObject.Name
                $DN = $acctsQADObject.DN
                $key = "$($Name)|$($DN)"
                # Record each group only the first time it is seen
                if (!$groups.ContainsKey($key) -and $key -notcontains "Group|Member") {
                    Write-Output "Found first reference to a group: $($DN) assigned to directory $container"
                    $msg += "Found first reference to a group: $($DN) assigned to directory $container `n"
                    $groups.add($key,$DN)
                }
            }

        }
    }
bahrep
archcutbank
  • Are you in an environment where you are locked into the QAD cmdlets? Do you have a 2008R2 server? If you can, I would rewrite it with the MS AD cmdlets. – EBGreen Aug 16 '12 at 14:06
  • I added after the while ($accts) loop [System.GC]::Collect(), but memory is still creeping up. – archcutbank Aug 16 '12 at 14:07
  • EBGreen, do you have some code that I could use to replace the while($accts) loop that uses the MS AD cmdlets? I am on 2008R2 and I am not locked into using the QAD cmdlets. – archcutbank Aug 16 '12 at 14:09
  • I don't have anything handy right now and I'm a little busy today, but if I get a chance, I'll see what I can come up with. – EBGreen Aug 16 '12 at 15:47
  • Note that import-module ActiveDirectory did not work. I am not sure yet on how to get this working. I did get-module and do not see much installed and definitely not Active Directory. Everything I read seems to indicate it comes with it. I see for Windows 7 you need to install RSAT, maybe you need this on the 2008 server? – archcutbank Aug 16 '12 at 17:59

1 Answer


Why not use Get-QADGroup instead of Get-QADObject? That way you're guaranteed to get a group. Then you can just pull the DN property from it. I wrote some code that's useful for folder audit stuff that it sounds like you're trying to do. It can be found in another post here. To get members of a group, you can use Get-QADGroupMember $groupname -Indirect.

Community
Chris S
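A sketch of the Get-QADGroup approach suggested in the answer, as an added example that is not code from the question or the answer's author. It goes one step beyond the answer by caching each distinct identity so an account is queried once rather than once per folder. Assumptions: the Quest ActiveRoles snap-in is loaded, Get-QADGroup accepts the DOMAIN\name strings found in the ACL, and the function name `Get-FolderAclGroups` is hypothetical.

```powershell
# Added example. Get-FolderAclGroups is a hypothetical name; the Quest snap-in
# (Get-QADGroup) is assumed to be loaded in the session already.
function Get-FolderAclGroups {
    param([Parameter(Mandatory = $true)][string]$Path)

    $groups   = @{}   # "Name|DN" -> DN, same key layout as the question's $groups hash
    $resolved = @{}   # identity string -> @{Name; DN}, or $null when it is not a group

    # Emit the root folder, then stream the subfolders through the pipeline
    # instead of collecting every folder into an array first.
    & {
        Get-Item -Path $Path
        Get-ChildItem -Path $Path -Recurse
    } | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $folder = $_.FullName
        foreach ($ace in (Get-Acl -Path $folder).Access) {
            $id = [string]$ace.IdentityReference

            # Query the directory only for identities not seen before.
            if (-not $resolved.ContainsKey($id)) {
                $hit = $null
                try {
                    # Keep only Name and DN so the full directory object is not retained.
                    $hit = Get-QADGroup -Identity $id -ErrorAction SilentlyContinue |
                        Select-Object -First 1 -Property Name, DN
                } catch {
                    # Identity could not be resolved as a group; cache it as $null.
                }
                $resolved[$id] = $hit
            }

            $group = $resolved[$id]
            if ($group) {
                $key = "$($group.Name)|$($group.DN)"
                if (-not $groups.ContainsKey($key)) {
                    Write-Verbose "First reference to $($group.DN) on $folder"
                    $groups[$key] = $group.DN
                }
            }
        }
    }
    $groups   # hashtable of every group found on the folder tree
}
```

Each DN in the returned hashtable can then be passed to `Get-QADGroupMember -Indirect`, as the answer describes, to expand nested membership.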