I'm trying to compare two AD groups (Over 5000 users) and find matching users in it. After that I want to locate those users and remove them from one of the AD groups.
I get exceeded over 5000 and it errors out.
Compare-Object (Get-ADGroupMember "Imprivata1") (Get-ADGroupMember "Imprivata2") -Property "Name" -IncludeEqual | Sort-Object Name | Export-Csv "C:\users\$env:username\Desktop\compareadgroups3.csv" -Encoding UTF8 -NoTypeInformation
Indeed, the maximum number of group members Get-ADGroupMember
can retrieve is 5000. If there are more members in the group, you will see error
Get-ADGroupMember: The size limit for this request was exceeded
You can overcome that by using Get-ADGroup
and expand the .Member
property.
$members1 = (Get-ADGroup 'Imprivata1' -Properties Member).Member
$members2 = (Get-ADGroup 'Imprivata2' -Properties Member).Member
This will give you arrays of DistinguishedName
items, which will serve perfectly to uniquely identify the users, way better than you could using the .Name
property. (The DistinguishedName is unique within the same domain, the Name property is not)
Remember that both Get-ADGroupMember
and the .Member
property from the code above can return objects of type user, group and computer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.