How do you find the user accounts which take up the most space in the Active Directory database?
I have just had this very question from a customer who has some BLOB attributes added to user objects and suspects that some of these got much bigger than the others. As a result, the overall AD database is now way bigger than the customer would like it to be (affecting performance, backups, replication, and so on).
The problem they had is finding these objects.
My first reaction was: just do a Get-QADUser and sort the objects by size – how much easier can it get? Well, the problem is that there is just no SizeOf function in PowerShell – the system would not tell you how big a given object is.
The workaround I found was very simple. If we cannot get the in-memory size of an object – we can still export it to a file and measure the file size. 🙂
So here is my script:
    # Use a different value of SizeLimit
    # if you want a subset of accounts to test the script
    # Export every user, one XML file per account, named after samAccountName
    Get-QADUser -SizeLimit 0 -IncludeAllProperties | ForEach { $_ | Export-Clixml "$($_.samAccountName).xml" }
    # List the exported files, largest first
    dir | sort Length -Descending

In a nutshell, all it does is go through all AD user accounts and export each one into an XML file.
Then I just sort them by size.
The cool part about using ForEach-Object and not keeping all objects in an array is that this is actually very efficient from a memory consumption perspective – each object gets cleared from memory after it is saved to XML.
While the script was running, the powershell.exe process was consuming only about 30-40MB of RAM.
One thing to note is that in most domains this script will take a long time to execute (hours). You can make it faster if you can limit the scope of Get-QADUser either by some attributes (SearchRoot, Enabled/Disabled, City, and so on) or by properties (I was retrieving all, but if you actually know which properties contribute the most to the size, you can include just these properties). Again, see this post for more considerations on optimizing the script.
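To find out which properties contribute the most to the size, the exported files can be broken down per property. The following is an added example, not code from the original post: it assumes PowerShell 3.0 or later (for PSSerializer), and the function name Get-ClixmlPropertySize, the customBlob attribute and the sample account are hypothetical, constructed so the script runs without a domain.

```powershell
# Added example: report which properties make an exported account file large.
function Get-ClixmlPropertySize {
    param(
        [Parameter(Mandatory = $true)][string]$Path,   # one file written by Export-Clixml
        [int]$Top = 5                                  # how many properties to report
    )
    $obj = Import-Clixml -Path $Path
    $obj.PSObject.Properties |
        Where-Object { $null -ne $_.Value } |
        ForEach-Object {
            # Serialize each value on its own; the length of that text
            # approximates the property's share of the exported file.
            $xml = [System.Management.Automation.PSSerializer]::Serialize($_.Value, 2)
            New-Object PSObject -Property @{
                File     = Split-Path -Leaf $Path
                Property = $_.Name
                Chars    = $xml.Length
            }
        } |
        Sort-Object Chars -Descending |
        Select-Object -Property File, Property, Chars -First $Top
}

# Constructed sample standing in for one exported account (no AD needed).
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'clixml-size-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$sample = New-Object PSObject -Property @{
    samAccountName = 'jdoe'                      # constructed value
    City           = 'Springfield'               # constructed value
    customBlob     = New-Object byte[] 200000    # hypothetical BLOB attribute
}
$sample | Export-Clixml (Join-Path $dir 'jdoe.xml')

# Break down the largest exports first, mirroring the size sort used above.
Get-ChildItem $dir -Filter *.xml |
    Sort-Object Length -Descending |
    Select-Object -First 10 |
    ForEach-Object { Get-ClixmlPropertySize -Path $_.FullName }

# The exports hold every attribute of each account; remove them when done.
Remove-Item $dir -Recurse -Force
```

Once the heavy attribute is known, a later run only needs to retrieve that property, which shortens both the export and the files left on disk.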