问题
I have a really simple question. What is better to use? AD Module (ie. Get-ADComputer) or DirectoryServices .NET Class when trying to connect to AD and pull all computers, users, and groups from a Domain. Or does it not matter at all?
The key factors I judge on for which method to use are:
- Which method's scripts will run faster?
- Which puts less load on the network / AD
- What limitations may each method have?
I know that the AD Module is only installed default on Win Server 2008 R2 and later, so that is a down side obviously given on an older server, the module isn't installed by default. But in today's world that really shouldn't be much of a problem given there aren't a lot of environments with all servers older than 2008 R2.
All I am trying to do is extract to a .csv all User objects (and some important fields/attributes), all Computer objects, and all Group objects. So basically "searching" the AD objects and looping through each result row and then saving to a table to export to .csv.
回答1:
The ActiveDirectory cmdlets are far, far more intuitive than using System.DirectoryServices, however you may lose some of the control that System.DirectoryServices offers. For most cases, especially for people new to PowerShell, I would recommend using the ActiveDirectory cmdlets.
As far as speed, like @sodawillow suggested, you can measure the execution time of each and then use the fastest. I could give you anecdotes, but they would not be representative of everyone's experiences.
回答2:
I add your last comment to the question, because it just discribes a small tool which is present on Windows Servers from a long time.
Csvde.exe use a syntax very close to Ldifde.exe, and it allow you to extract Active-Directory object using the LDAP query syntax. As far as I understand, these tools are powered by ADSI.
You can have a look to this answer.
来源:https://stackoverflow.com/questions/33862471/should-i-use-the-active-directory-module-cmdlets-or-directoryservices-net-class