PowerShell AD Script using Get-ADGroup - Invalid Enumeration Context

Question

I am using this script to extract a load of information to a tab delimited flat text file that is used by another program. The script works well, creating the file and populating it with data, but when it reaches around 250MB of data, I get the error listed below. I believe that this is being caused as I'm just trying to gather too much data, but I'm not sure how to fix it!

Script:

Import-module ActiveDirectory
    $Domain = 'DomainName'
    Get-ADGroup -Filter * -Properties * | ForEach-Object {
        $Group = $_
        Get-ADGroup $Group -Properties Members | Select-Object -ExpandProperty Members | Get-ADObject | ?{$_.ObjectClass -eq "user"} |  
            Get-ADUser -Properties * | Select-Object @{
              Name = 'Domain'
                Expression = { $Domain }
          }, @{
              Name = 'Group Name'
                Expression = { $Group.Name }
          }, @{
              Name = 'Type'
                Expression = { $Group.GroupCategory }
          }, @{
              Name = 'Description'
              Expression = { $_.Description }
          }, @{
                Name = 'Distinguished Name'
              Expression = { $_.DistinguishedName }
            }, @{
                Name = 'Managed By'
                Expression = { $Group.ManagedBy }
            }, @{
                Name = 'Members'
              Expression = { $_.MemberOf }
            }, @{
                Name = 'Full Name'
              Expression = { $_.Name }
            }, @{
              Name = 'User Name'
              Expression = { $_.SamAccountName }
          }, @{
              Name = 'Display Name'
              Expression = { $_.DisplayName }
          }
    } | Export-Csv -delimiter "`t" -path C:\Test.txt –nti

Edit: I have tried to use the directorysearcher tool as I know that gets round the indexing issue, however I can't get the code right. I need to get users and group information. I've got the user information but its not picking up data for all users, how can I search for all users in a domain?

    Import-module ACtiveDirectory
    $Domain = 'domain'

    $strFilter = "(&(objectCategory=person)(objectClass=user))"
    $objCollection=@()
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry

    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"

    $colProplist = "name", "samaccountname", "description", "distinguishedname", "memberof", "displayname"
    foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

    $colResults = $objSearcher.FindAll()

    $objCollection = $colResults | select -Expand Properties |
    select @{
        n = 'Domain'
            e = { $Domain }
    }, @{
        n = 'Group Name'
            e = { $Group.Name }
    }, @{
        n = 'Type'
            e = { $Group.GroupCategory }
    }, @{
        n = 'Description'
        e = { $_.description }
    }, @{
            n = 'Distinguished Name'
        e = { $_.distinguishedname }
        }, @{
            n = 'Managed By'
            e = { $Group.ManagedBy }
        }, @{
            n = 'Members'
        e = { $_.memberof }
        }, @{
            n = 'Full Name'
        e = { $_.name }
        }, @{
        n = 'User Name'
        e = { $_.samaccountname }
    }, @{
        n = 'Display Name'
        e = { $_.displayname }
    }

    $objCollection | Export-Csv -delimiter "`t" -path C:\Test9.txt -nti

Answer 1

I would like to offer this as an alternative to your script. It uses the AD SnapIn, and builds a user list as needed.

Import-module ActiveDirectory
$Domain = 'DomainName'
$Groups = Get-ADGroup -Filter * -Properties Name,GroupCategory,ManagedBy,Members | ForEach-Object {
$Users = @()
$Results = @()
ForEach($Group in $Groups){
    $Group.Members | ForEach{  
        $UserDN = $_
        If($Users.DistinguishedName -contains $UserDN){
            $User = $Users | Where{$_.DistinguishedName -eq $UserDN}
        }Else{
            $User = Get-ADUser $UserDN -Properties DisplayName,Description,DistinguishedName,MemberOf,Name,SamAccountName
            $Users += $User
        }
        $Results += [PSCustomObject]@{
            'Domain' = $Domain
            'Group Name'= $Group.Name
            'Type' = $Group.GroupCategory
            'Description' = $User.Description
            'Distinguished Name' = $User.DistinguishedName
            'Managed By' = $Group.ManagedBy
            'Members' = $User.MemberOf
            'Full Name' = $User.Name
            'User Name' = $User.SamAccountName
            'Display Name' = $User.DisplayName
        }
    }
} 
$Results | Export-Csv -delimiter "`t" -path C:\Test.txt –nti

Now if that gives you indexing errors, or memory issues you could collect users per group, and output each group to a CSV appending as you go. To do that you would add a new line immediately after ForEach($Group in $Groups){ to read:

$GroupMembers = @()

Change $Results += [PSCustomObject]@{ to be:

$GroupMembers += [PSCustomObject]@{

And finally change the last two lines to be:

    $GroupMembers | Export-Csv -delimiter "`t" -path C:\Test.txt –nti -append
}