I have the following query
$Groups = (Get-AdGroup -filter * | Where {
($_.name -like "*")
} | select ObjectGUID -expandproperty ObjectGUID)
$Table = @()
$Record = [ordered]@{
"Group _ObjectGUID" = ""
"Name" = ""
"SamAccountName" = ""
"Member_ObjectGUID" = ""
}
Foreach ($Group in $Groups)
{
$Arrayofmembers = Get-ADGroupMember -Recursive -identity $Group | select name,samaccountname,ObjectGUID
foreach ($Member in $Arrayofmembers)
{
$Record."Group _ObjectGUID" = $Group
$Record."Name" = $Member.name
$Record."SamAccountName" = $Member.SamAccountName
$Record."Member_ObjectGUID" = $Member.ObjectGUID
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
$Table | export-csv "C:\temp\AD_group_members.txt" -NoTypeInformation
however i am unable to execute the query as it exceeds the maximum ad return of 5000 it specifically returns the following error message
Get-ADGroupMember : The size limit for this request was exceeded At line:22 char:20 + $Arrayofmembers = Get-ADGroupMember -Recursive -identity $Group | select name, ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (70206804-1c23-4e47-8e9e-e8fb7c688826:ADGroup) [Get-ADGroupMember], ADException + FullyQualifiedErrorId : The size limit for this request was exceeded,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
I can't think of a way to trim this down to get around this because the solution of changing the config on all the domain controllers (300ish) is not an option.
Anyone got any suggestions?
