Solved

Powershell - Get-ADGroupMember : The size limit for this request was exceeded

Posted on 2013-10-27
7
10,845 Views
Last Modified: 2013-10-29
Hi EE

I have the script below that I need to get data from a group with over 20k acccounts ..
Any idea what I need to modify to make it work ?

Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroupMember $Group.Name | Get-aduser -Properties * |
Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,LastLogonDate,PasswordLastSet,PasswordExpired,PasswordNeverExpires,CanonicalName
 }
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 8

Expert Comment

by:Satish Auti
ID: 39604846
Mark,

will keep in mind.. thanks for reminder :)
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39604969
Based on http://mctexpert.blogspot.in/2013/07/how-to-exceed-maximum-number-of-allowed.html, the ADWS (Active Directory Web Service) cmdlets have server-side limits of
a) the maximum number of objects to retrieve (5000)
b) the allowed time for completing (5 minutes)

The timeout setting is not negotiable, but you can change the object limitation. Though that should only be done in rare cases - most of the time the limit is reasonable, and having to set a bigger one is usually a failure in design.
You'll have to change the file %WinDir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config on each ADWS domain controller by searching for <appSettings>, and adding the line
<add key=”MaxGroupOrMemberEntries” value=”25000”/>

Open in new window

(or a higher value).
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39605570
Try this workaround..
Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroup $Group.Name -Properties Members | 
		Select-Object -ExpandProperty Members | 
		Get-ADObject -properties Samaccountname | 
		?{$_.ObjectClass -eq "user"}  | Get-aduser -Properties * |
	Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,LastLogonDate,PasswordLastSet,PasswordExpired,PasswordNeverExpires,CanonicalName
 }
}
$Members | Select * | Export-Csv test1027.csv -NoTypeInformation

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39607366
Thak you Subsun this worked ..

Thank you all for the other info as well ..
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39608004
It might work, but seems to be ineffective for that much objects, as the AD is queried many, many times instead of having single calls. It depends on the focus - getting it to work at all, or being able to do without much workload and in reasonable time.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question