Active Directory: Measure DC Response Time with PowerShell when Running LDAP Query

This Wiki article was created to share with you how it is possible to measure the response time of your Domain Controllers when running an LDAP query. This task can be easily achieved using Windows PowerShell by combining the use of Measure-Command and LDAP querying cmdlets.

The script to use for the measurement is the following one:

#####################Variables##################### $numberoftests = 10 ################################################### #####################Main##################### import-module activedirectory cls $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() $domaincontrollers = $myforest.Sites | % { $_.Servers } | Select Name foreach ($DomainController in $DomainControllers)  {   $totalmeasurement = 0   $i = 0   while ($i -ne $numberoftests)   {   $measurement = (Measure-Command {Get-ADUser Administrator -Server $DomainController.name}).TotalSeconds   $totalmeasurement += $measurement   $i += 1   }   $totalmeasurement = $totalmeasurement / $numberoftests   "Domain Controller: " + $DomainController.name + ", Response time: " + $totalmeasurement + " seconds" }

 

The shared script does the following:

• It identifies your current AD forest and the list of Domain Controllers in it
• It queries each Domain Controller multiple times using Get-ADUser Administrator query
• It measures and displays the average processing time of each Domain Controller

The number of measured queries is stored in $numberoftests variable and the LDAP query can be updated by replacing Get-ADUser Administrator with the query you would like to test.

Important: The higher the number you have for the $numberoftests variable value, the more accurate results you get.

 

Below is an example of a screen capture we get for results we had when running the script: