Solved

Powershell - Get-ADGroupMember : The size limit for this request was exceeded

Posted on 2013-10-27
7
10,121 Views
Last Modified: 2013-10-29
Hi EE

I have the script below that I need to get data from a group with over 20k acccounts ..
Any idea what I need to modify to make it work ?

Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroupMember $Group.Name | Get-aduser -Properties * |
Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,LastLogonDate,PasswordLastSet,PasswordExpired,PasswordNeverExpires,CanonicalName
 }
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation
0
Comment
Question by:MilesLogan
7 Comments
 
LVL 6

Expert Comment

by:Satish Auti
ID: 39604846
Mark,

will keep in mind.. thanks for reminder :)
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39604969
Based on http://mctexpert.blogspot.in/2013/07/how-to-exceed-maximum-number-of-allowed.html, the ADWS (Active Directory Web Service) cmdlets have server-side limits of
a) the maximum number of objects to retrieve (5000)
b) the allowed time for completing (5 minutes)

The timeout setting is not negotiable, but you can change the object limitation. Though that should only be done in rare cases - most of the time the limit is reasonable, and having to set a bigger one is usually a failure in design.
You'll have to change the file %WinDir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config on each ADWS domain controller by searching for <appSettings>, and adding the line
<add key=”MaxGroupOrMemberEntries” value=”25000”/>

Open in new window

(or a higher value).
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39605570
Try this workaround..
Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroup $Group.Name -Properties Members | 
		Select-Object -ExpandProperty Members | 
		Get-ADObject -properties Samaccountname | 
		?{$_.ObjectClass -eq "user"}  | Get-aduser -Properties * |
	Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,LastLogonDate,PasswordLastSet,PasswordExpired,PasswordNeverExpires,CanonicalName
 }
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39607366
Thak you Subsun this worked ..

Thank you all for the other info as well ..
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39608004
It might work, but seems to be ineffective for that much objects, as the AD is queried many, many times instead of having single calls. It depends on the focus - getting it to work at all, or being able to do without much workload and in reasonable time.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question