Powershell - Get-ADGroupMember : The size limit for this request was exceeded
Hi EE
I have the script below that I need to get data from a group with over 20k acccounts ..
Any idea what I need to modify to make it work ?
Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_ -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroupMember $Group.Name | Get-aduser -Properties * |
Select @{L='GroupName';e={$Group.
}
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation
I have the script below that I need to get data from a group with over 20k acccounts ..
Any idea what I need to modify to make it work ?
Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_ -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroupMember $Group.Name | Get-aduser -Properties * |
Select @{L='GroupName';e={$Group.
}
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation
Based on http://mctexpert.blogspot.in/2013/07/how-to-exceed-maximum-number-of-allowed.html, the ADWS (Active Directory Web Service) cmdlets have server-side limits of
a) the maximum number of objects to retrieve (5000)
b) the allowed time for completing (5 minutes)
The timeout setting is not negotiable, but you can change the object limitation. Though that should only be done in rare cases - most of the time the limit is reasonable, and having to set a bigger one is usually a failure in design.
You'll have to change the file %WinDir%\ADWS\Microsoft.Ac
a) the maximum number of objects to retrieve (5000)
b) the allowed time for completing (5 minutes)
The timeout setting is not negotiable, but you can change the object limitation. Though that should only be done in rare cases - most of the time the limit is reasonable, and having to set a bigger one is usually a failure in design.
You'll have to change the file %WinDir%\ADWS\Microsoft.Ac
<add key=”MaxGroupOrMemberEntries” value=”25000”/>ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thak you Subsun this worked ..
Thank you all for the other info as well ..
Thank you all for the other info as well ..
It might work, but seems to be ineffective for that much objects, as the AD is queried many, many times instead of having single calls. It depends on the focus - getting it to work at all, or being able to do without much workload and in reasonable time.
will keep in mind.. thanks for reminder :)