我尝试编写一个脚本,将成员从“A 组”复制到“B 组”,但失败了,因为 A 组有超过 10000 名成员
我使用了以下脚本
Get-ADGroupMember -Identity "Group A" | ForEach-Object {
$members = Get-ADGroupMember -Identity "Group B" -Recursive | Select -ExpandProperty Name
If ($members -contains $_.Name) {
Write-Host "$user exists in the group"
Add-ADGroupMember -Identity "Group B" -Members $_.distinguishedName
}
}
我收到此错误
Get-ADGroupMember : The size limit for this request was exceeded
At line:1 char:1
您的代码可以简化为:
$dnGroupA = (Get-ADGroup 'Group A').DistinguishedName
$dnGroupB = (Get-ADGroup 'Group B').DistinguishedName
# Get the members of Group A NOT being a member of Group B:
$members = Get-ADObject -LDAPFilter "(&(memberOf=$dnGroupA)(!memberOf=$dnGroupB))"
Add-ADGroupMember -Identity $dnGroupB -Members $members
这也应该克服
这个Q&A中提到的
Get-ADGroupMember的会员限制。