powershell - Get-ADGroup with -recursive is not working?
I am using the Get-ADGroupMember command to fetch users in an AD group. -Recursive is helping me fetch members of child groups if they are in the parent group as well.
However, Get-ADGroupMember has an upper limit of 5000 entries only.
To tackle this, if I use:
Get-ADGroup -Identity "dept_120_sa" -Server "a" -Properties * | Select-Object -ExpandProperty Members | Get-ADUser
This doesn't work if the parent AD group has child AD groups, and -Recursive is not accepted by Get-ADGroup.
Error:
Get-ADGroup : A parameter cannot be found that matches parameter name 'recursive'.
At line:2 char:79
+ get-adgroup -identity "dept_120_sa" -server "mhf.mhc" -properties * -recursive <<<< | select-object -expandproperty members
    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroup], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
My aim is to display the username and mail IDs, and this works for me:
Get-ADGroupMember -Server $domain -Identity $s -Recursive -ErrorAction Stop | Get-ADUser -Properties mail -ErrorAction Stop | Select-Object SamAccountName, mail
Any workaround? (I am willing to write a recursive function to fetch large groups, but there must be a shorter and more direct way.)
The 5000 limit applies to Get-ADGroupMember, not Get-ADUser, so you can use the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941).
For example:
Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=CN=group,CN=Users,DC=ad,DC=local)"
where CN=group,CN=Users,DC=ad,DC=local is the distinguished name of the group you want the members for.
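The matching-rule query from the answer above, wrapped so the group's distinguished name is looked up and escaped before it goes into the filter. This is an added example, not part of the original answer; the function names ConvertTo-LdapFilterValue and Get-NestedGroupUser are hypothetical, and the group name and $domain are taken from the question.

```powershell
Import-Module ActiveDirectory

# Escape a value for use inside an LDAP search filter (RFC 4515).
# A DN can legitimately contain '\', '(' , ')' or '*', which would
# otherwise change the meaning of the filter or break it.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Backslash must be escaped first so later escapes are not doubled.
    $Value = $Value.Replace('\', '\5c')
    $Value = $Value.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $Value.Replace([string][char]0, '\00')
}

# Hypothetical helper: list users that are direct or nested members of a group.
function Get-NestedGroupUser {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][string]$Server
    )
    # Resolve the group to its distinguished name instead of typing it by hand.
    $dn = (Get-ADGroup -Identity $Group -Server $Server -ErrorAction Stop).DistinguishedName

    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: the domain
    # controller walks the nested memberOf chain on the server side.
    $filter = '(memberOf:1.2.840.113556.1.4.1941:={0})' -f (ConvertTo-LdapFilterValue $dn)

    Get-ADUser -LDAPFilter $filter -Server $Server -Properties mail -ErrorAction Stop |
        Select-Object SamAccountName, mail
}

# Group name from the question; $domain is assumed to hold the DC or domain name.
Get-NestedGroupUser -Group 'dept_120_sa' -Server $domain
```

Because the filter is evaluated against memberOf, users who belong to the group only through their primary group are not returned.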