Hi out there,
actually i have a problem with the Powershell command "Get-ADGroupMember". One customer has a few groups with more then 5.000 members, so this command will run into the "MaxGroupOrMemberEntries" limit.
Domain functional level is "Windows Server 2003", but there are already a few Windows 2008 R2 DC´s installed with ADWS service configured.
With default "MaxGroupOrMemberEntries" setting the command will result with the limitation error:
Get-ADGroupMember "Sharepoint Users" -Server DC-w2k8r2Get-ADGroupMember : The size limit for this request was exceeded
At line:1 char:1
+ Get-ADGroupMember "Sharepoint Users" -Server DC-w2k8r2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Sharepoint Users:ADGroup) [Get-ADGroupMember], ADException
+ FullyQualifiedErrorId : The size limit for this request was exceeded,Microsoft.ActiveDirectory.Management.Comman
ds.GetADGroupMember
When changing the value to "10000" ( <add key="MaxGroupOrMemberEntries" value="10000" /> ), and restarting service (for troubleshooting also the whole server) i will get this error:
Get-ADGroupMember "Sharepoint Users" -Server DC-w2k8r2Get-ADGroupMember : Unable to contact the server. This may be because this server does not exist, it is currently
down, or it does not have the Active Directory Web Services running.
At line:1 char:1
+ Get-ADGroupMember "Sharepoint Users" -Server DC-w2k8r2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Sharepoint Users:ADGroup) [Get-ADGroupMember], ADServerDownE
xception
+ FullyQualifiedErrorId : Unable to contact the server. This may be because this server does not exist, it is curr
ently down, or it does not have the Active Directory Web Services running.,Microsoft.ActiveDirectory.Management.Co
mmands.GetADGroupMember
BUT, i can query other security groups successfully! I´ve changed the value on two different W2k8 R2 DC´s with the same result. The query runs round about one minute before the (timeout?) message is coming up.
Does anyone has an idea? Do i have to change this value on all DC´s running ADWS? The idea was to only change it on one DC and fix the query against this server (with the parameter "-Server").
Thanks in advance.
Dennis