Compare AD group members with PowerShell
Question
I'm trying to compare two AD groups (Over 5000 users) and find matching users in it. After that I want to locate those users and remove them from one of the AD groups.
I get exceeded over 5000 and it errors out.
Compare-Object (Get-ADGroupMember "Imprivata1") (Get-ADGroupMember "Imprivata2") -Property "Name" -IncludeEqual | Sort-Object Name | Export-Csv "C:\users\$env:username\Desktop\compareadgroups3.csv" -Encoding UTF8 -NoTypeInformation
1 answers
solution1
0 2022-09-01 13:08:41
Indeed, the maximum number of group members Get-ADGroupMember can retrieve is 5000. If there are more members in the group, you will see error
Get-ADGroupMember: The size limit for this request was exceeded
You can overcome that by using Get-ADGroup and expand the .Member property.
$members1 = (Get-ADGroup 'Imprivata1' -Properties Member).Member
$members2 = (Get-ADGroup 'Imprivata2' -Properties Member).Member
This will give you arrays of DistinguishedName items, which will serve perfectly to uniquely identify the users, way better than you could using the .Name property. (The DistinguishedName is unique within the same domain, the Name property is not)
Remember that both Get-ADGroupMember and the .Member property from the code above can return objects of type user, group and computer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.