Get-ADGroupMember:已超出此请求的大小限制 [英] Get-ADGroupMember : The size limit for this request was exceeded
问题描述
我正在尝试从一个文本文件中拉出群组,而我的群组中的一个群组太大,有80,000个人。
I am trying to pull groups in from a text file and one of my groups is too large, 80,000 people.
我该如何工作l,
$groups = Get-Content c:\temp\ADGroups.txt
foreach($group in $groups) {
@(Get-ADGroup $group -Properties Member| Select-Object -ExpandProperty Member).Count
Get-ADGroupMember -Identity $group |
Get-ADObject -Properties Name, DisplayName |
Select-Object -Property @{n="Username";e={$_.Name}}, DisplayName,
@{n="AD Group";e={$group}} |
Export-Csv C:\Users\Desktop\GroupsInfo.CSV -NoTypeInformation -Append
}
推荐答案
Get-ADGroupMember
可以返回的对象数受 ADWS (Active Directory Web服务):
The number of objects that Get-ADGroupMember
can return is restricted by a limit in the ADWS (Active Directory Web Services):
MaxGroupOrMemberEntries
5000
指定Active Directory模块 Get-ADGroupMember $可以检索的组成员(递归或非递归),组成员身份和授权组的最大数量。 c $ c>,
Get-ADPrincipalGroupMembership
和 Get-ADAccountAuthorizationGroup
cmdlet。如果您期望这些cmdlet在您的环境中返回5000多个结果,请将此参数设置为更高的值。
Specifies the maximum number of group members (recursive or non-recursive), group memberships, and authorization groups that can be retrieved by the Active Directory module Get-ADGroupMember
, Get-ADPrincipalGroupMembership
, and Get-ADAccountAuthorizationGroup
cmdlets. Set this parameter to a higher value if you anticipate these cmdlets to return more than 5000 results in your environment.
根据此线程,您应该可以通过查询组对象并扩展其成员
属性(如果您不能增加服务限制):
According to this thread you should be able to work around it by querying group objects and expanding their member
property (if you can't increase the limit on the service):
Get-ADGroup $group -Properties Member |
Select-Object -Expand Member |
Get-ADUser -Property Name, DisplayName
但是请注意,这很可能会速度慢,因为您将发送数千个请求。最好为所有用户建立一个哈希表:
Beware, though, that this is likely to be slow, because you'll be sending thousands of requests. It might be better to build a hashtable of all users:
$users = @{}
Get-ADUser -Filter '*' -Property Name, DisplayName | ForEach-Object {
$users[$_.DistinguishedName] = $_
}
以便您可以按其专有名称查找它们:
so that you can look them up by their distinguished name:
Get-ADGroup $group -Properties Member |
Select-Object -Expand Member |
ForEach-Object { $users[$_] }
这篇关于Get-ADGroupMember:已超出此请求的大小限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!