locked
The Size Limit for this request was exceeded,when trying to get a list of all groups and group members from A specified OU RRS feed

  • Question

  • Hello,

    Still learning PowerShell and would be grateful if someone can help.I am trying to write the command below which will search a specified OU, get all the list of the groups there and its group members and then export it to a CSV to show which group a user is a member of. The information is below but for some reason, it fails with the error The size limit for this request was exceeded

    $groupou= 

    $Group = Get-ADGroup -filter * -SearchBASE $GroupOU 

    $Group | foreach{

    $Groupname = $_.name


    $members = Get-ADGroupMember $_.samaccountname| select Name,displayname

    $members | foreach{

    $member = $_.Name
    $coll = "" | Select ADGroupName,MemberName
    $coll.ADGroupName = $Groupname

    $coll.MemberName = $member

    $collection +=$coll
    }

    }
    $collection | Export-Csv C:\newfolder\ADGroupmembers.csv  -notypeinformation

    Can anyone help on how to get this to work please?





    Wednesday, September 27, 2017 12:36 PM

Answers

  • @vintagevintage

    please use below code, i have copied it from with modification regarding -resultsize: 

    https://community.spiceworks.com/topic/599702-script-to-list-groups-a-user-is-a-member-of 

    It looks like a good way to go for You problem, You can Use Get-ADPrincipalGroupMembership to list groups that User is a member of.

    Import-Module ActiveDirectory
    $users = Get-ADUser -ResultSize Unlimited -SearchBase "OU=Users,OU=Corporate,DC=Correct,DC=COM" -Filter * 
    $logfile = "C:\correct_file_path.txt"
    
    foreach($user in $users){
      add-content $logfile $user.Name
      $groups = Get-ADPrincipalGroupMembership $user.SamAccountName 
      foreach($group in $groups){
        add-content $logfile $group.name
      }
    }
    Cheers


    Please remember to mark the replies as an answers if they help.

    • Proposed as answer by MartinITPro Thursday, September 28, 2017 11:11 AM
    • Marked as answer by vintagevintage Friday, October 6, 2017 11:49 AM
    Thursday, September 28, 2017 11:11 AM
  • Hi Fred,

    i am getting the error below when i replace the query

    Get-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At line:7 char:25
    + $members = $_.Members | Get-ADObject  -Properties DisplayName | Selec ...

    Hi,

    sorry about that, had a pasting error in there:

    # Previous line
    $members = Get-ADGroupMember $_.samaccountname| select Name,displayname
    
    # Replace it with this:
    $members = $group.Members | Get-ADObject -Properties DisplayName | Select Name, DisplayName

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Thursday, September 28, 2017 12:06 PM

All replies

  • Hey

    Please add "-resultsize Unlimited" to Your Get-ADGroupMembers and Get-ADGroup - that should solve Your issue.

    Cheers


    Please remember to mark the replies as an answers if they help.


    • Edited by MartinITPro Wednesday, September 27, 2017 12:43 PM typo
    Wednesday, September 27, 2017 12:42 PM
  • Thanks Msajpel but it appears -resultsize Unlimited does not work with Get-adgroupmember
    Wednesday, September 27, 2017 1:43 PM
  • Read up on the differences between ForEach-Object and the foreach loop.

    Read up on calculated properties.

    Give the below a go:

    $groupou = 
    
    $Groups = Get-ADGroup -filter * -SearchBASE $GroupOU 
    
    $results = foreach ($Group in $Groups){
    
        $members = Get-ADGroupMember $Group.samaccountname | select name, displayname
        $memberstoexport = $members | select @{n="GroupName";e={$Group.name}}, @{n="MemberName";e={$_.name}}, @{n="MemberDisplayName";e={$_.displayname}}
    
    }
    
    $results | export-csv c:\folder\file.csv -Encoding utf8 -NoTypeInformation

    Wednesday, September 27, 2017 2:54 PM
  • Hi,

    well ... you appear to have quite a few users in there ... too much for a single query. We can work with that:

    # At the top, ask for one more property
    $Group = Get-ADGroup -filter * -SearchBASE $GroupOU -Properties Members

    Then later you can run it like this:

    # Previous line
    $members = Get-ADGroupMember $_.samaccountname| select Name,displayname
    
    # Replace it with this:
    $members = $_.Members | Get-ADObject -Properties DisplayName | Select Name, DisplayName

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Wednesday, September 27, 2017 3:48 PM
  • Hi Pawel,

    I have just tried the script you sent to me and i am getting the same "the size limit for this request was exceeded"

    Wednesday, September 27, 2017 5:31 PM
  • Hi Fred,

    i am getting the error below when i replace the query

    Get-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At line:7 char:25
    + $members = $_.Members | Get-ADObject  -Properties DisplayName | Selec ...

    Wednesday, September 27, 2017 5:37 PM
  • Wednesday, September 27, 2017 5:39 PM
  • @vintagevintage

    please use below code, i have copied it from with modification regarding -resultsize: 

    https://community.spiceworks.com/topic/599702-script-to-list-groups-a-user-is-a-member-of 

    It looks like a good way to go for You problem, You can Use Get-ADPrincipalGroupMembership to list groups that User is a member of.

    Import-Module ActiveDirectory
    $users = Get-ADUser -ResultSize Unlimited -SearchBase "OU=Users,OU=Corporate,DC=Correct,DC=COM" -Filter * 
    $logfile = "C:\correct_file_path.txt"
    
    foreach($user in $users){
      add-content $logfile $user.Name
      $groups = Get-ADPrincipalGroupMembership $user.SamAccountName 
      foreach($group in $groups){
        add-content $logfile $group.name
      }
    }
    Cheers


    Please remember to mark the replies as an answers if they help.

    • Proposed as answer by MartinITPro Thursday, September 28, 2017 11:11 AM
    • Marked as answer by vintagevintage Friday, October 6, 2017 11:49 AM
    Thursday, September 28, 2017 11:11 AM
  • Hi Fred,

    i am getting the error below when i replace the query

    Get-ADObject : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At line:7 char:25
    + $members = $_.Members | Get-ADObject  -Properties DisplayName | Selec ...

    Hi,

    sorry about that, had a pasting error in there:

    # Previous line
    $members = Get-ADGroupMember $_.samaccountname| select Name,displayname
    
    # Replace it with this:
    $members = $group.Members | Get-ADObject -Properties DisplayName | Select Name, DisplayName

    Cheers,
    Fred


    There's no place like 127.0.0.1

    Thursday, September 28, 2017 12:06 PM