Hi all,
Most of us are aware about the
two minute timeout for queries using AD Module in PS. And this timeout is unchangeable.
However sometimes a time consuming query is unavoidable. Imagine this scenario:
There are 500,000 users in one OU in which all accounts except maybe two dozens have account expiry date. My task is to find them out and put an expiry date on them. My code is like this:
Get-ADUser -SearchBase:'OU=MyOU,DC=MyDomain,DC=COM' -RessultPageSize:10 -ResultSetSize:$null -LDAPFilter:"(|(accountExpires=9223372036854775807)(accountExpires=0))" | Set-ADUser -AccountExpirationDate:$date
However it just keeps timing out:
Get-ADUser : This operation returned because the timeout period expired
At line:1 char:11
+ Get-ADUser <<<< -SearchBase:'OU=MyOU,DC=MyDomain,DC=COM
' -ResultPageSize:10 -ResultSetSize:$null -LDAPFilter:"(|(accountExpires=922337
2036854775807)(accountExpires=0))" | Measure-Object
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : This operation returned because the timeout peri
od expired,Microsoft.ActiveDirectory.Management.Commands.GetADUser
This I understand. The job basically have to scan through thousands of objects with negative results, and it times out well before the first positive is yielded.
So does this mean I can't do this with AD Module and have to resort to something likeSDS?
Thanks.
