Deprovisioned user report - performance

Question

Hi All 
 I'm trying to construct a PowerShell report which will give me a list of Users created and deprovisioned in the previous calendar month. 
 So far, I have it working, but the search for deprovisioned users takes forever (An hour or two - I have 100,000 user objects in AD) using this command: 
 get-qaduser -SearchAttributes @{edsvaDeprovisionStatus='1'} -SizeLimit 0 -DontUseDefaultIncludedProperties -IncludedProperties userprincipalname,mail,edsvadeprovisionreportxml,edsvaDeprovisionStatus 
 
 After I get the list of users, I then have to deconstruct the XML report in the edsvadeprovisionreportxml attribute of each user to find the date the Deprovision was requested like this: 
 [xml]$xml = $_.edsvadeprovisionreportxml [datetime]$DeprovDate = $xml.report.table.row.sections.section[1].list.item | where {$_.name -eq 'Requested:'} | %{$_.t.date} 
 
 2 questions: 
 1 - Can this query be improved for faster performance? I'm wondering if it's possible to have ARS index the edsvaDeprovisionStatus attribute for better search performance. Maybe different search criteria or syntax? 
 
 2. Is it possible to search for the deprovision date "natively", or am I stuck with the XML report deconstruction? 
 
 Thanks 
 Joe

JohnnyQuest · Accepted Answer

I have a report of sorts that I generate regularly based off the AR transaction history information (data that is used to build object change history). 
 
This the PoSh code that I used to pull this data: 
 
# ARSConnection comes from a Connect-QADservice command to the AR server 
# LastWeek is just a calculation of today minus 7 days 
 
$DeprovisionTransactions = Get-QARSOperation -Connection $ARSConnection -InitiatedAfter $LastWeek -TargetObjectType user -OperationType 'Deprovision' 
 
There's some more code that I use to further parse what comes back but even if you just took $DeprovisionTransactions and pipe it to 'format-list' you will get a sense of what the data looks like. 
 
I think this is more efficient than searching your 100K object AD...just saying.

JohnnyQuest · Answer

The other thing I was going to suggest is to get ActiveRoles to do the work for you in building your list of deprovisioned users. You could create a Managed Unit that has a membership rule / query that searches on edsvaDeprovisionStatus='1'. Then you can use the Managed Unit's distinguished name as your 'SearchRoot' parameter for your Get-QADUser if you still want to use your current approach.