Server-Side vs. Client-Side Active Directory Filtering

Adam Bertram

Searching for objects in Active Directory is a cinch with PowerShell. However, you need to know how to use filters to be the most efficient with your time!

When filtering objects in Active Directory, we’ve got two options: server-side filtering and client-side filtering. Server-side filtering uses the Filter parameter, while client-side filtering uses Where-Object.

Filtering is filtering, right? You get the same information in the end! Technically yes, you’re right. However, would you rather stare at a PowerShell console 10x longer just watching that blinking cursor, or be as efficient as possible and get more stuff done? Let’s choose the latter.

Here’s an example of the difference. In this example, I’ve got around 8,300 user accounts in this Active Directory environment. All I want to do is find all users that have ‘bob’ in their first name.

[Figure: PowerShell Active Directory filter performance]

You’re seeing that right. A more than 10x speed improvement using the Filter parameter! Yet (I promise) the data you’re going to get is exactly the same. How can this be, you ask? The answer is where the filtering is being done.

By using the Filter parameter, you’re essentially telling PowerShell to issue a more restrictive LDAP query. This means the filtering is done on the server, directly against the database. It makes sense that this is a whole lot faster than grabbing all Active Directory users, loading them into your computer’s memory, and then filtering them.

When you use Where-Object to filter, you’re telling the server to just give you everything it’s got and you’ll sort it out later (down the pipeline). It’s a much slower process because of the additional overhead: the server processes all users, sends that data to your PowerShell session, PowerShell loads it into memory, and only then do you pick out what you want.
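
The comparison described above, written as an added example (not the author's original code). It assumes the ActiveDirectory module is installed and the session can reach a domain controller; the function name Compare-AdFilterMethod is hypothetical. It times both approaches and checks that they return the same users.

```powershell
#Requires -Modules ActiveDirectory

function Compare-AdFilterMethod {
    [CmdletBinding()]
    param(
        # Letters only, so -like means the same thing to the AD filter and to
        # Where-Object (Where-Object also treats ? and [ ] as wildcards).
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z]+$')]
        [string]$NameFragment
    )

    # Server-side: the domain controller evaluates the filter and returns
    # only the matching user objects.
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $serverSide = @(Get-ADUser -Filter "GivenName -like '*$NameFragment*'")
    $serverMs = $timer.ElapsedMilliseconds

    # Client-side: every user object is returned to this session, then
    # Where-Object discards the ones that do not match.
    $timer.Restart()
    $clientSide = @(Get-ADUser -Filter * |
        Where-Object { $_.GivenName -like "*$NameFragment*" })
    $clientMs = $timer.ElapsedMilliseconds

    # Compare the two result sets by distinguished name.
    $serverDn = ($serverSide.DistinguishedName | Sort-Object) -join "`n"
    $clientDn = ($clientSide.DistinguishedName | Sort-Object) -join "`n"

    [pscustomobject]@{
        NameFragment  = $NameFragment
        ServerSideMs  = $serverMs
        ClientSideMs  = $clientMs
        ServerMatches = $serverSide.Count
        ClientMatches = $clientSide.Count
        SameResults   = ($serverDn -eq $clientDn)
    }
}

# Constructed sample call, matching the 'bob' search from the article.
Compare-AdFilterMethod -NameFragment 'bob'
```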

This topic reminded me of the topic of batch processing and the lean manufacturing methodology. If you’ve got a group of processes to run against a set of objects, people tend to think it’ll be faster to just complete the same process on each object at a time, thus batching the processes together. However, lean says it’s always faster to completely finish all processes on each object. It’s pretty interesting stuff if you’re not aware! In fact, if you’re an entrepreneur, it’d be a good idea to check out Eric Ries’ book The Lean Startup. It’s an excellent read.
