Solved

*** more than 5k in the group*** Count how many active directory group members for more than one AD group

Posted on 2016-09-01
8
74 Views
Last Modified: 2016-09-02
Hi SubSun or all ..  forgot to mention the group contains more than 5000 users in the group so the script below times out.
Can someone help me modify this ?

Import-Module Activedirectory
GC C:\group.txt | %{
      New-Object PSobject -Property @{
      Group = $_
      UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
      }
}| Select Group,UserCount
0
Comment
Question by:MilesLogan
  • 4
  • 4
8 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 41781481
Do you have full rights on all the groups members of this groups which you are checking? Try to run the script with a domain admin account and see if it gives same error.

Or is it a multi domain environment? Do you have groups from other domain as member of the group which you are checking?
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 41781671
Hi SubSun

Tested with my DA account from a DC and it also failed with the error below .
This was just one group in the text file with over 5000 accounts .

Get-ADGroupMember : The size limit for this request was exceeded
At C:\PS\GetGroupCount.ps1:5 char:15
+     UserCount = (Get-ADGroupMember $_ -Recursive | Measure).Count
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MyGroup:ADGroup) [Get-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8227,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

weird is this does work with the same group over 5000 accounts with or without the DA account.
(Get-ADGroup MyGroup -properties *).member.count

All groups are from the same domain .
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41781719
You need to modify the MaxGroupOrMemberEntries to more than 5000

Ref : https://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx

If that's not possible then, I can try to write a workaround code..


Or do you have quest AD PowerShell module?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 2

Author Comment

by:MilesLogan
ID: 41781809
I can't modify the MaxGroupOrMemberEntries  .. toooooooo many approvals required ..

Yes , I have the quest AD PoweShell Module .
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 41781819
Ok try this from Quest AD PoweShell Module and see if it works..
Add-PSSnapin Quest* 
 GC C:\group.txt | %{
       New-Object PSobject -Property @{
       Group = $_
       UserCount = (Get-QADGroupMember $_ -Type 'user' -Indirect | Measure).Count
       }
 }| Select Group,UserCount

Open in new window

0
 
LVL 2

Author Comment

by:MilesLogan
ID: 41781919
this worked but I got the warning message about only being able to retrieve the first 1000 results , so it does not give me the total number .


.. increase the size limi using the -Sizelimit parameter or set the default size limit using the Set-QASPSSnapinSettings ..
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41781925
Change line 5 to following..
       UserCount = (Get-QADGroupMember $_ -Type 'user' -Indirect -Sizelimit 0 | Measure).Count

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 41782029
Thanks man .. definitely slower than the one liner but it will work .. thanks !
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question