Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, September 24, 2012 10:14 AM
Hello :-)
I am trying to list every members in a group (with -recursive attribute) but it comes to a timeout.
When I do this, it works (slowly but it works) (without -recursive):
Get-ADGroupMember -Identity 'My_grp' -Server 'domain.local' | Select Name
But with -recursive:
Get-ADGroupMember -Identity 'My_grp' -Server 'domain.local' -Recursive | Select Name
I get this error:
Get-ADGroupMember : L’opération s’est terminée car le délai d’attente a expiré (=Operation ended because of TIMEOUT).
Au niveau de C:\Temp\ef6c0eca-1508-48dc-af6f-baeef18e26ff.ps1 : 1 Caractère : 18
- Get-ADGroupMember <<<< -Identity 'My_grp' -Server 'domain.local' -Recursive | Select Name
+ CategoryInfo : OperationTimeout: (My_grp:ADGroup) [Get-ADGroupMember], TimeoutException
+ FullyQualifiedErrorId : L’opération s’est terminée car le délai d’attente a expiré.,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Do you have any advice on how to improve my request so it could work?
Thanks!
All replies (5)
Tuesday, September 25, 2012 2:12 PM ✅Answered | 1 vote
It is SOO bad, because it works Sooo easily with Quest.
Get-QADGroupMember -Identity 'My_grp' -Service 'domain.local' -Indirect | Select Name
In 20secondes I got every object. Well... let's do it with ADSI..
Wednesday, September 26, 2012 9:51 AM ✅Answered | 2 votes
Ok I just found the problem.
The Powershell v2 command doesn't not work because my Active Directory user account has no 'reading' rights on some objects. I guess I can't see what is in "Member" tab. I tried with an AD admin account and it worked perfectly.
Get-ADGroupMember -Identity 'My_grp' -Server 'domain.local' -Recursive | Select Name
Here we go! Thanks ;-)
Monday, September 24, 2012 10:21 AM
Oh. Maybe is there a problem because there are several domains?
Example: 'My_grp' is on 'domain.local' . But 'My_grp' contains groups/users stored on 'domain2.local'. I could be a problem right? Because I define my server with '-server'
EDIT: .. in fact it's not the problem because without -recursive it works. (and there are objects in 'domain2.local' too)
Monday, September 24, 2012 12:32 PM | 2 votes
Try using ADSI - Find Circular Nested Groups
Monday, September 24, 2012 1:44 PM
Ok I'll try. I saw topics telling ADSI will work but... that is too bad a nice function like Get-ADGroupMember is not strong enough to do the job!
Thank you for you suggestion. I will tell you if it works.