PowerShell – Unable to extract full user list from AD OUs having 2000+ user accounts. Limited to 2000 users


I want to extract all users in Active Directory using the following command. A few OUs have more than 2000 user accounts. Using this command, I do get the users as desired, but the OUs having more than 2000 users return only 2000. This may be an AD feature, but I need all the user accounts of the OUs. Please suggest and help.

Get-ADUser -Filter * -SearchBase "OU=AllUsers,DC=example,DC=com" -Properties * |
Select-Object Name, DisplayName, DistinguishedName, GivenName, Surname, SamAccountName |
Export-Csv -Path D:\AllUserExport.csv -NoTypeInformation

Best Answer

Please don't do -Properties * when you don't need all the user properties. You're pulling back all the data out of all the accounts, and therefore your query takes much longer than it needs to.

If you run Get-ADUser [username], you'll see that the only thing missing in the default result set for what you want is DisplayName. So just include that in your -Properties to query.

Secondly, 2000 users sounds like an unusual number. By default, the LDAP page size is 1000 objects, and Get-ADUser -ResultSetSize is $null (unlimited) by default, and the Get-ADUser page size is 250 objects.

I just did a Get-ADUser -Filter * on my domain, and returned 60000+ users with no problem in multiple levels of OUs.

So I wonder if you're getting a timeout - if your query takes longer than 2 minutes per page, it'll time out, especially since you're dragging back all the user properties. The data can get quite large if users have certificates. But normally you'll get an error. Perhaps try it without exporting the CSV, and with minimal properties.

$users = Get-ADUser -Filter * -SearchBase "OU=AllUsers,DC=example,DC=com" -Properties DisplayName |
Select-Object Name, DisplayName, DistinguishedName, GivenName, Surname, SamAccountName

See what the result of $users.count is after that.
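
The check suggested in the answer, extended into a script that times the query and counts users per OU so a truncated OU stands out. This is an added example, not code from the original question or answer; it assumes the ActiveDirectory (RSAT) module is installed and reuses the search base and CSV path from the question.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$searchBase = 'OU=AllUsers,DC=example,DC=com'   # search base from the question
$csvPath    = 'D:\AllUserExport.csv'            # output path from the question

$query = @{
    Filter         = '*'
    Properties     = 'DisplayName'   # only attribute missing from the default set
    ResultPageSize = 250             # cmdlet default, written out explicitly
    ResultSetSize  = $null           # $null = no cap on the total result count
    ErrorAction    = 'Stop'          # surface any query error as terminating
}

# 1. Whole-subtree query with minimal properties, timed.
$timer = [System.Diagnostics.Stopwatch]::StartNew()
try {
    $users = @(Get-ADUser @query -SearchBase $searchBase -SearchScope Subtree |
        Select-Object Name, DisplayName, DistinguishedName,
                      GivenName, Surname, SamAccountName)
}
catch {
    Write-Error ("Query failed after {0:N1}s: {1}" -f
        $timer.Elapsed.TotalSeconds, $_.Exception.Message)
    throw
}
$timer.Stop()
'Total: {0} users in {1:N1}s' -f $users.Count, $timer.Elapsed.TotalSeconds

# 2. Direct-child user count for every OU under the search base.
$ous = @(Get-ADOrganizationalUnit -Filter * -SearchBase $searchBase -SearchScope Subtree)
$perOu = foreach ($ou in $ous) {
    $n = @(Get-ADUser -Filter * -SearchBase $ou.DistinguishedName `
            -SearchScope OneLevel -ResultSetSize $null).Count
    [pscustomobject]@{ Users = $n; OU = $ou.DistinguishedName }
}
$perOu | Sort-Object Users -Descending | Format-Table -AutoSize

# 3. The per-OU sum should match the subtree total. A difference means users
#    sit in non-OU containers under the base, or one of the queries was cut short.
$sum = ($perOu | Measure-Object -Property Users -Sum).Sum
if ($sum -ne $users.Count) {
    Write-Warning "Per-OU sum ($sum) differs from subtree total ($($users.Count))."
}

$users | Export-Csv -Path $csvPath -NoTypeInformation
```

An OU that reports exactly 2000 in the per-OU table while the directory is known to hold more is the one to investigate further.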