*** more than 5k in the group*** Count how many active directory group members for more than one AD group
Hi SubSun or all .. forgot to mention the group contains more than 5000 users in the group so the script below times out.
Can someone help me modify this ?
Import-Module Activedirectory
GC C:\group.txt | %{
New-Object PSobject -Property @{
Group = $_
UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
}
}| Select Group,UserCount
Can someone help me modify this ?
Import-Module Activedirectory
GC C:\group.txt | %{
New-Object PSobject -Property @{
Group = $_
UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
}
}| Select Group,UserCount
ASKER
Hi SubSun
Tested with my DA account from a DC and it also failed with the error below .
This was just one group in the text file with over 5000 accounts .
Get-ADGroupMember : The size limit for this request was exceeded
At C:\PS\GetGroupCount.ps1:5 char:15
+ UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MyGroup:ADGroup) [Get-ADGroupMember], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8227
weird is this does work with the same group over 5000 accounts with or without the DA account.
(Get-ADGroup MyGroup -properties *).member.count
All groups are from the same domain .
Tested with my DA account from a DC and it also failed with the error below .
This was just one group in the text file with over 5000 accounts .
Get-ADGroupMember : The size limit for this request was exceeded
At C:\PS\GetGroupCount.ps1:5 char:15
+ UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MyGroup:ADGroup) [Get-ADGroupMember], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8227
weird is this does work with the same group over 5000 accounts with or without the DA account.
(Get-ADGroup MyGroup -properties *).member.count
All groups are from the same domain .
You need to modify the MaxGroupOrMemberEntries to more than 5000
Ref : https://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx
If that's not possible then, I can try to write a workaround code..
Or do you have quest AD PowerShell module?
Ref : https://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx
If that's not possible then, I can try to write a workaround code..
Or do you have quest AD PowerShell module?
ASKER
I can't modify the MaxGroupOrMemberEntries .. toooooooo many approvals required ..
Yes , I have the quest AD PoweShell Module .
Yes , I have the quest AD PoweShell Module .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
this worked but I got the warning message about only being able to retrieve the first 1000 results , so it does not give me the total number .
.. increase the size limi using the -Sizelimit parameter or set the default size limit using the Set-QASPSSnapinSettings ..
.. increase the size limi using the -Sizelimit parameter or set the default size limit using the Set-QASPSSnapinSettings ..
Change line 5 to following..
UserCount = (Get-QADGroupMember $_ -Type 'user' -Indirect -Sizelimit 0 | Measure).CountASKER
Thanks man .. definitely slower than the one liner but it will work .. thanks !
Or is it a multi domain environment? Do you have groups from other domain as member of the group which you are checking?