/\/\o\/\/ PowerShelled
This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$PreviousItems = (" Sharepoint provider for Monad "," access ADSI WinNT provider from Monad Part 2 "," MSH Community Workspace, TFSC provider and videos "," more Monad scripts, and a bit more CSV "," working with CSV files in MSH (part two) "," working with CSV files in MSH (part one) "," and another source for MSH scripts is born "," VBscript hosting in MSH, Inputbox in Monad part 2 "," Some Monad Com hacks "," It's busy at the Monad front "," ")
Monday, April 10, 2006
Large AD queries in Monad
Motivated by the following Newsgroup thread about listing a AD query result of more then 1000 Objects.
For gettings objects from AD this is easy fixed by setting just setting a PageSize.
see also Retrieving Large Results Sets [ADSI] on MSDN for more information.
see the following example:
# AD Large queries examples :
# /\/\o\/\/ 2006
###
# Query a OU with more as 1000 Users :
###
$strROOT = 'LDAP://OU=Users,dc=Domain,DC=com'
$Root = New-Object DirectoryServices.DirectoryEntry $strROOT
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = $root
# setting a pagesize will give all Users
# if not the max is 1000 (Default) or as set in AD
# $searcher.PageSize = 900
$searchItem = "CN"
$searchValue = "*"
$searchClass = "User"
$SearchCat = "*"
$searcher.Filter = "(&($($searchItem)=$($searchValue))(objectClass=$($searchClass))(objectCategory=$($SearchCat)))"
$PropList = "CN","ObjectClass","ObjectCategory","distinguishedName","lastLogonTimestamp","description","department","displayname"
$PropList | foreach {[void]$searcher.PropertiesToLoad.Add($_)}
## Examples :
# without pageSize set :
MSH>$searcher.findAll() | measure-object
Count : 1000
# with pageSize set ( remove # before the $searcher.pagesize = 900)
MSH>$searcher.findAll() | measure-object
Count : 2629
# /\/\o\/\/ 2006
###
# Query a OU with more as 1000 Users :
###
$strROOT = 'LDAP://OU=Users,dc=Domain,DC=com'
$Root = New-Object DirectoryServices.DirectoryEntry $strROOT
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = $root
# setting a pagesize will give all Users
# if not the max is 1000 (Default) or as set in AD
# $searcher.PageSize = 900
$searchItem = "CN"
$searchValue = "*"
$searchClass = "User"
$SearchCat = "*"
$searcher.Filter = "(&($($searchItem)=$($searchValue))(objectClass=$($searchClass))(objectCategory=$($SearchCat)))"
$PropList = "CN","ObjectClass","ObjectCategory","distinguishedName","lastLogonTimestamp","description","department","displayname"
$PropList | foreach {[void]$searcher.PropertiesToLoad.Add($_)}
## Examples :
# without pageSize set :
MSH>$searcher.findAll() | measure-object
Count : 1000
# with pageSize set ( remove # before the $searcher.pagesize = 900)
MSH>$searcher.findAll() | measure-object
Count : 2629
Not that bad is it ?,
but now the following, how about getting the members of a large AD group.
The Members property will only list 1500 Objects at Maximum.
As you can see, here you have to do a "Base" search using the directorySearcher on the DirectoryEntry you want to get te members of.
also you need to do the Paging yourself in this situation.
As this is not as easy as paging the Query, I worked out this quick example how to do this from MSH :
# AD Large Members listing example :
# /\/\o\/\/ 2006
###
# list members of a group with more as 1500 Users :
###
# getting members the normal way (1500 max) :
$group = new DirectoryServices.directoryEntry('LDAP://CN=Group,OU=Groups,dc=Domain,DC=com')
MSH>$group.member | measure-object
Count : 1500
# Getting Members Paged
$group = new DirectoryServices.directoryEntry('LDAP://CN=Group,OU=Groups,dc=Domain,DC=com')
$from = 0
$all = $false
$members = @()
while (! $all) {
trap{$script:all = $True;continue}
$to = $from + 999
$DS = New-Object DirectoryServices.DirectorySearcher($Group,"(objectClass=*)","member;range=$from-$to",'Base')
$members += $ds.findall() | foreach {$_.properties | foreach {$_.item($_.PropertyNames -like 'member;*')}}
$from += 1000
}
# now the count is correct :
MSH> $members | measure-object
Count : 2621
# /\/\o\/\/ 2006
###
# list members of a group with more as 1500 Users :
###
# getting members the normal way (1500 max) :
$group = new DirectoryServices.directoryEntry('LDAP://CN=Group,OU=Groups,dc=Domain,DC=com')
MSH>$group.member | measure-object
Count : 1500
# Getting Members Paged
$group = new DirectoryServices.directoryEntry('LDAP://CN=Group,OU=Groups,dc=Domain,DC=com')
$from = 0
$all = $false
$members = @()
while (! $all) {
trap{$script:all = $True;continue}
$to = $from + 999
$DS = New-Object DirectoryServices.DirectorySearcher($Group,"(objectClass=*)","member;range=$from-$to",'Base')
$members += $ds.findall() | foreach {$_.properties | foreach {$_.item($_.PropertyNames -like 'member;*')}}
$from += 1000
}
# now the count is correct :
MSH> $members | measure-object
Count : 2621
You can see this is a bit more work as we have to do the paging ourselves.
Also the first time I did run into this it has cost me some time to figure this out (while I already was aware of the "normal" paging).
So I hope this will help if you come to this situation yourself.
Greetings /\/\o\/\/
Tags : Monad msh
