DontUseDefaultIncludedProperties is the AD cmdlets parameter you need when you want to get AD objects fast without extra properties you do not need. For example, I have just used it in my script to locate the largest groups in our Active Directory. Let’s talk about how effective it really is and how it works under the covers.
First of all, let me prove that it is indeed very efficient. Here’s the same Get-QADUser run 100 times with and without the parameter:
[PS] C:\>Measure-Command { for ($i=0;$i -lt 100;$i++) { $a = Get-QADUser -SamAccountName dsotnikov -DontUseDefaultIncludedProperties } }
...
Seconds : 3
Milliseconds : 951
...
[PS] C:\>Measure-Command { for ($i=0;$i -lt 100;$i++) { $a = Get-QADUser -SamAccountName dsotnikov } }
...
Seconds : 7
Milliseconds : 526
...
That’s twice as fast with the parameter as it is without it!
Why? Because DontUseDefaultIncludedProperties makes the cmdlet only retrieve 2 attributes: distinguishedName and objectClass, whereas the cmdlet without it will go get quite a few other properties.
You can easily see which attributes got retrieved by running:
$a = Get-QADUser -SamAccountName dsotnikov -DontUseDefaultIncludedProperties
$a.Cache.AttributesInCache
The interesting thing is that the cmdlet is even smarter with subsequent use of the object. For most properties (to be specific, for all regular .NET properties of the object but not PowerShell dynamic NoteProperties), we will go and retrieve the property once you request it later on. E.g. this will actually work and give you the account description:
$a = Get-QADUser -SamAccountName dsotnikov -DontUseDefaultIncludedProperties
$a.Description
And this will retrieve a whole bunch of attributes:
Get-QADUser -SamAccountName dsotnikov -DontUseDefaultIncludedProperties | Format-List *
You can obviously keep using $a.Cache.AttributesInCache to check which ones we retrieve.
Pretty cool, isn’t it?
The only other thing I would note is the difference between:
Get-QADUser -SamAccountName dsotnikov -DontUseDefaultIncludedProperties
and
Get-QADUser dsotnikov -DontUseDefaultIncludedProperties
The former is way more efficient than the latter because the -SamAccountName parameter (or any other parameter besides the generic implied -Identity) lets us optimize the query specifically to search by that attribute rather than do the Ambiguous Name Resolution which we use otherwise. Be specific in your parameters and we will give you the fastest results!
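Both effects described above can also be observed at the LDAP level with the .NET DirectorySearcher. This is an added example, not part of the original post and not the AD cmdlets' own code: it requests only distinguishedName and objectClass, then compares an exact sAMAccountName filter with an (anr=...) filter. It assumes a domain-joined machine; the helper name Measure-LdapLookup and the loop count are hypothetical, and dsotnikov is the account name used in the post.

```powershell
# Added example (not from the original post): the same lookups issued directly
# through System.DirectoryServices. Assumes a domain-joined machine.
Add-Type -AssemblyName System.DirectoryServices

function Measure-LdapLookup {      # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Filter,
        [string[]] $Properties = @(),   # empty: the server returns all attributes
        [int] $Iterations = 100
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = $Filter
    if ($Properties.Count -gt 0) { $searcher.PropertiesToLoad.AddRange($Properties) }

    $result = $null
    $watch  = [System.Diagnostics.Stopwatch]::StartNew()
    for ($i = 0; $i -lt $Iterations; $i++) { $result = $searcher.FindOne() }
    $watch.Stop()

    # Names of the attributes that actually came back on the last result
    $returned = @()
    if ($result) { $returned = @($result.Properties.PropertyNames) }
    New-Object PSObject -Property @{
        Filter       = $Filter
        Milliseconds = [int]$watch.ElapsedMilliseconds
        Attributes   = $returned.Count
    }
}

# Escape RFC 4515 special characters before placing a name inside a filter.
$name = [regex]::Replace('dsotnikov', '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
$two  = 'distinguishedName', 'objectClass'

@(
    Measure-LdapLookup -Filter "(sAMAccountName=$name)" -Properties $two   # exact match, 2 attributes
    Measure-LdapLookup -Filter "(sAMAccountName=$name)"                    # exact match, all attributes
    Measure-LdapLookup -Filter "(anr=$name)" -Properties $two              # Ambiguous Name Resolution
) | Format-Table Filter, Milliseconds, Attributes -AutoSize
```

DirectorySearcher always adds adspath to each result, so the two-attribute rows report three attributes.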
Hi Dmitry, This is a great post! I am new to PowerShell and this is an extremely useful post. Thank you.
I have written a simple script based on your post:
Get-QADUser -SizeLimit 0 -LdapFilter "(&(objectCategory=person)(objectClass=user))" `
-DontUseDefaultIncludedProperties -IncludedProperties FirstName,LastName,DisplayName,DN,SamAccountName,EmployeeID,PrimarySMTPAddress,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf | Format-List -Property FirstName,LastName,DisplayName,DN,SamAccountName,EmployeeID,PrimarySMTPAddress,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf | Out-File $outfile -Encoding utf8 -width 1000
Through some experimentation, I have found that the Format-List seems to be the piece that takes the majority of the time. Have you seen this behavior in your experience? Is there anything I can do to speed this step up?
Thank you,
Hal
Format-List is just a built-in Microsoft cmdlet for formatting of the output data. You do not have to use it – if the default output that you are getting without it is good enough for you – just remove it from the pipeline.