Get-ADGroupMember : The size limit for this request was exceeded RRS feed

  • Question

  • I am trying to extract all members of global groups from AD. Some of the groups will have either Users, Groups or Computer objects in them. Some will contain a mixture of Users and Groups. The problem I have is that some groups have more than 5000 members and that group is not reported out to csv and I can not get past this issue. The script I have included will report out the required information on any combination of  members, but will fail on a group with over 5000 members.  Any assistance would help.
    $Groups = Get-ADGroup "GroupName" 
    $Results = ForEach( $Group in $Groups )
        Get-ADGroupMember -Identity $Groups |
        ForEach {
                      Group  = $Group.Name
                      Name   = $_.samaccountname
                      DSName = $_.Distinguishedname
                } | Export-Csv -NoTypeInformation "u:\temp\AllGlobalGroupMembersTest.CSV"

    Wednesday, April 3, 2019 8:32 PM

All replies

  • Your code is quite faulty.  You are trying to get groups from a group which doesn't make sense given your question.

    Start here. This gives all global groups:

    Get-ADGroup -Filter {GroupScope -eq 'Global'}

    The following gets the members of all global groups:

    Get-ADGroup -Filter {GroupScope -eq 'Global'} | Get-AdGroupMember

    You can add a select to the  end to format the properties you want.


    Wednesday, April 3, 2019 9:06 PM
  • I think I may have not been too clear. The above code uses a single group as an example. I could have used an array or a filter as you descibed.

    My code above works perfectly and only requires a simple modification to get all global groups from AD however, 

    Get-ADGroup -Filter {GroupScope -eq 'Global'} | Get-AdGroupMember returns :

    "Get-AdGroupMember : The size limit for this request was exceeded"

    when it is run against a group with over 5000 members.  Reporting on groups with more than 5000 members with members being in any combination of Users, Groups and Computers is what I need to achieve.

    Wednesday, April 3, 2019 10:25 PM
  • Then your admins have likely set a max query result limit in AD to prevent large queries from bogging the AD server down.

    You can search for articles on how to do a partitioned query.  There is an LDAP filter syntax that allows you to query AD in pieces.

    There are many approaches that can work.  Search to find more.  Also look in the Gallery for ones that use ADSI directly.


    • Edited by jrv Wednesday, April 3, 2019 11:00 PM
    Wednesday, April 3, 2019 10:57 PM