0

I am trying to find recursively the groups on folders and their distinguished names (DN) through an extensive structure of directories / subdirectories on a NAS share.

I made code and it works, but it is slow and gobbles up memory for some reason.

I am looking for help to understand what I might be doing wrong, or if there is a faster / less memory intensive way to do this.

  • It seems to slow down where it takes each $acct and creates the $acctsQADObject with Get-QADObject.

  • I see 8-10 $acct per container (directory), and it takes about 5 seconds or more to process each.

  • It seems like each iteration of $acct is caching something that it does not release, so each loop of $acct you can watch memory increase by 0.02+ MB.

  • I was popping off the $acct from $accts and trying to force $acctsQADObject to $null to try and get some memory to clear. It does not seem to help at all though. The $groups hash is then taken to another function to get the users for each group, but I think that is fine.

Note: The Get-QADObject was from quest.com, and their forum seems pretty silent, so I was hoping to find help here.

The code I have to date:

    $containers = @(Get-Item -Path $Path | ? {$_.psIscontainer})
    $containers += Get-ChildItem -Path $Path -Recurse | ? {$_.psIscontainer}

    if ($containers -eq $null) {break}
    while ($containers) {
        $container,$containers = $containers
        Write-Output "Container: " $container
        $accts=$null
        $accts=@()
        $accts = @((Get-ACL $container.fullname).Access)
        while ($accts) {
            $acct,$accts = $accts
            $acctsQADObject = $null
            $acctsQADObject = Get-QADObject -PageSize 1000 -DontUseDefaultIncludedProperties -SizeLimit 0 -Identity ([string]$acct.IdentityReference) 
            if ($acctsQADObject.ObjectClass -contains 'group') {
                $Name = $acctsQADObject.Name
                $DN = $acctsQADObject.DN
                $key = "$($Name)|$($DN)"
                if (!$groups.ContainsKey($key) -and $key -notcontains "Group|Member") {
                    Write-Output "Found first reference to a group: $($DN) assigned to directory $container"
                    $msg += "Found first reference to a group: $($DN) assigned to directory $container `n"
                    $groups.add($key,$DN)
                }
            }                           

        }
    }
4

1 回答 1

0

为什么不使用Get-QADGroup代替Get-QADObject?这样你就可以保证得到一个组。然后,您可以从中提取 DN 属性。我写了一些对文件夹审计很有用的代码,听起来像是你正在尝试做的。它可以在这里的另一篇文章中找到。要获取组成员,您可以使用Get-QADGroupMember $groupname -Indirect.

于 2012-08-17T14:43:26.273 回答