Memory getting Eaten up Issue

Question

I am trying to find recursively the groups on folders and their distinguished names (DN) through an extensive structure of directories / subdirectories on a NAS share.

I made code and it works, but it is slow and gobbles up memory for some reason.

I am looking for help to understand what I might be doing wrong, or if there is a faster / less memory intensive way to do this.

• It seems to slow down where it takes each $acct and creates the $acctsQADObject with Get-QADObject.

• I see 8-10 $acct per container (directory), and it takes about 5 seconds or more to process each.

• It seems like each iteration of $acct is caching something that it does not release, so each loop of $acct you can watch memory increase by 0.02+ MB.

• I was popping off the $acct from $accts and trying to force $acctsQADObject to $null to try and get some memory to clear. It does not seem to help at all though. The $groups hash is then taken to another function to get the users for each group, but I think that is fine.

Note: The Get-QADObject was from quest.com, and their forum seems pretty silent, so I was hoping to find help here.

The code I have to date:

    $containers = @(Get-Item -Path $Path | ? {$_.psIscontainer})
    $containers += Get-ChildItem -Path $Path -Recurse | ? {$_.psIscontainer}

    if ($containers -eq $null) {break}
    while ($containers) {
        $container,$containers = $containers
        Write-Output "Container: " $container
        $accts=$null
        $accts=@()
        $accts = @((Get-ACL $container.fullname).Access)
        while ($accts) {
            $acct,$accts = $accts
            $acctsQADObject = $null
            $acctsQADObject = Get-QADObject -PageSize 1000 -DontUseDefaultIncludedProperties -SizeLimit 0 -Identity ([string]$acct.IdentityReference) 
            if ($acctsQADObject.ObjectClass -contains 'group') {
                $Name = $acctsQADObject.Name
                $DN = $acctsQADObject.DN
                $key = "$($Name)|$($DN)"
                if (!$groups.ContainsKey($key) -and $key -notcontains "Group|Member") {
                    Write-Output "Found first reference to a group: $($DN) assigned to directory $container"
                    $msg += "Found first reference to a group: $($DN) assigned to directory $container `n"
                    $groups.add($key,$DN)
                }
            }                           

        }
    }

Answer 1

Why not use Get-QADGroup instead of Get-QADObject? That way you're guaranteed to get a group. Then you can just pull the DN property from it. I wrote some code that's useful for folder audit stuff that it sounds like you're trying to do. It can be found in another post here. To get members of a group, you can use Get-QADGroupMember $groupname -Indirect.