*** more than 5k in the group*** Count how many active directory group members for more than one AD group

Hi SubSun or all ..  forgot to mention the group contains more than 5000 users in the group so the script below times out.
Can someone help me modify this ?

Import-Module Activedirectory
GC C:\group.txt | %{
      New-Object PSobject -Property @{
      Group = $_
      UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
      }
}| Select Group,UserCount
LVL 2
MilesLoganAsked:
Who is Participating?
 
SubsunCommented:
Ok try this from Quest AD PoweShell Module and see if it works..
Add-PSSnapin Quest* 
 GC C:\group.txt | %{
       New-Object PSobject -Property @{
       Group = $_
       UserCount = (Get-QADGroupMember $_ -Type 'user' -Indirect | Measure).Count
       }
 }| Select Group,UserCount

Open in new window

0
 
SubsunCommented:
Do you have full rights on all the groups members of this groups which you are checking? Try to run the script with a domain admin account and see if it gives same error.

Or is it a multi domain environment? Do you have groups from other domain as member of the group which you are checking?
0
 
MilesLoganAuthor Commented:
Hi SubSun

Tested with my DA account from a DC and it also failed with the error below .
This was just one group in the text file with over 5000 accounts .

Get-ADGroupMember : The size limit for this request was exceeded
At C:\PS\GetGroupCount.ps1:5 char:15
+     UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MyGroup:ADGroup) [Get-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8227,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

weird is this does work with the same group over 5000 accounts with or without the DA account.
(Get-ADGroup MyGroup -properties *).member.count

All groups are from the same domain .
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
SubsunCommented:
You need to modify the MaxGroupOrMemberEntries to more than 5000

Ref : https://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx

If that's not possible then, I can try to write a workaround code..


Or do you have quest AD PowerShell module?
0
 
MilesLoganAuthor Commented:
I can't modify the MaxGroupOrMemberEntries  .. toooooooo many approvals required ..

Yes , I have the quest AD PoweShell Module .
0
 
MilesLoganAuthor Commented:
this worked but I got the warning message about only being able to retrieve the first 1000 results , so it does not give me the total number .


.. increase the size limi using the -Sizelimit parameter or set the default size limit using the Set-QASPSSnapinSettings ..
0
 
SubsunCommented:
Change line 5 to following..
       UserCount = (Get-QADGroupMember $_ -Type 'user' -Indirect -Sizelimit 0 | Measure).Count

Open in new window

0
 
MilesLoganAuthor Commented:
Thanks man .. definitely slower than the one liner but it will work .. thanks !
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.