PowerShell Module for Active Directory SID History Now Faster

  • Article

It has been a while since I’ve released any updates to the Active Directory SID History PowerShell Module.  Today’s release leverages improvements in PowerShell v3.0 for faster and better results.

kenner_steve_austin_figure “We can rebuild him. We have the technology.”

Before Stone Cold Steve Austin there was the real Steve Austin, the Six Million Dollar Man. This action figure was one of my favorite Christmas gifts back in the 1970’s. You could look through his bionic eye. And there was a button in his back to lift an engine block with his cyborg arm. A flap of skin on his forearm revealed the super-cool robotics underneath.

In that famous TV episode opening the announcer promised…

Gentlemen, we can rebuild him.
We have the technology…
Better, Stronger, Faster.

I’m no cyborg, but today I am releasing a better, stronger, faster PowerShell module to help you battle Active Directory token size issues and clean up SID history.

Better

In large environments I commonly ran into an issue with the “[“ character in file paths. PowerShell version 3.0 resolves this issue by using the –LiteralPath parameter instead of the –Path parameter for cmdlets working in the file system.

Stronger

Lately I’ve been learning about external help files for PowerShell modules. With this release I have moved the help content from comment-based help inside the module to an external XML help file. I also added an about topic with documentation and release notes. Let me know if you find any mistakes in the updated help.

Faster

Last year I worked with a customer to improve the speed of the most significant function Convert-SIDHistoryNTFS. This involved two changes:

I made a new baseline requirement of PowerShell version 3.0. This gives us the –Directory switch on Get-ChildItem, which saves a huge amount of time when you are scanning a file server with terabytes of files and folders. We only want the folder list anyway. This is a great example of “filter left” in PowerShell.

It turns out that using Out-File –Append for logging can be very expensive for performance and consumes a lot of memory. I converted this to use System.IO.FileStream for much more efficient use of resources and speed.

Result

Now the code is faster, uses less memory, and yields better results. The trade off is that now you must run the code from PowerShell version 3.0 or newer.  I don’t think that is a big deal, because we are almost to version 5.0 as of this writing. Time to level up.

Download

Download the updated PowerShell module from the TechNet Script Center. This download includes both the previous version for PowerShell v2.0 environments and the new version for PowerShell v3.0+ environments. Enjoy!

 ===============================================================================
RELEASE NOTES
===============================================================================

-------------------------------------------------------------------------------
Version 1.6.1
August, 2014

Moved help to external XML file.

Added about_SIDHistory help topic.

-------------------------------------------------------------------------------
Version 1.6
October, 2013

Required manual import of the Active Directory module.

Required PowerShell 3.0 to use the module.

Changed -Path to -LiteralPath in the following functions:
  Convert-SIDHistoryNTFS
    Get-ACL
    Set-ACL
    Get-Item
    Get-ChildItem
This feature of PowerShell 3.0 eliminates the issue with a '[' character in
the path causing an 'Invalid character in path' error.

In Convert-SIDHistoryNTFS added -Force switch to Get-Item and Get-ChildItem to
include hidden folders (if any).

In Conver-SIDHistoryNTFS used -Directory switch on Get-ChildItem instead of
"Where-Object {$_.PSIsContainer -eq $true}".  This should speed up the initial
folder list scan.

In Convert-SIDHistoryNTFS added -ErrorFileXML parameter and XML output of full
error details for deeper analysis of path errors.

In Convert-SIDHistoryNTFS improved execution time by using System.IO.FileStream
instead of "Out-File -Append" for verbose text log.

-------------------------------------------------------------------------------