?
Solved

how to get AD group member count for a group with more then 5000 users

Posted on 2014-04-28
4
Medium Priority
?
5,821 Views
Last Modified: 2014-04-28
Hi EE

I need to get the count for users in certain AD groups that have more then 10k users and neither of these options allow me to get the count . I don't want to modify the DC settings to expand the 5000 threshold  .  Does anyone have a work around for this ?

both of these fail .

Get-ADGroupMember "Test_Group" | Measure-Object | select count

If ([array]$users = (Get-ADGroupmember -Identity "Test_Group")) {
"Number of users in group: $($users.count)"
}
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 40028576
Try this:

$members = Get-QADGroupMember -SizeLimit 0 'domain users' -ldap "(&(!userAccountControl:1.2.840.113556.1.4.803:=2))"
@($members).count

This does require the Quest PowerGUI from Dell, which can be found at

http://www.quest.com/powergui-freeware/
0
 
LVL 15

Accepted Solution

by:
WalkaboutTigger earned 1000 total points
ID: 40028579
If you want to use native code, try

$group =[adsi]”LDAP://CN=Groupname,CN=Users,DC=domain,DC=local” 
$members = $group.psbase.invoke("Members") | foreach {$_.GetType().InvokeMember("name",'GetProperty',$null,$_,$null)} 
$members.count

Open in new window

0
 
LVL 40

Assisted Solution

by:footech
footech earned 1000 total points
ID: 40028624
Here's another script bit using the adsisearcher type accelerator.  Just put in the name of your group instead of "some group" (can also use wildcards).  One note - it won't list members of the group that have that group set as the account's primary group.  If you never change this from "Domain Users" then it's not a problem.
([ADSISearcher]"(&(ObjectClass=group)(name=some group))").FindAll() | % {$_.properties.member}

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40028742
Thank you both !! EE Rocks !
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question