Author Posts

October 27, 2015 at 6:33 pm

Hello all,
Have the following adsiSearch to get all users
$Users = ([adsisearcher]"(&(objectClass=person)(objectClass=user))").FindAll().Properties

Problem is that max i can get is 1000 Users and i know theres a lot more.

So my question would be. How can i get all the users from AD using AdsiSearch?

Regards,

Arestas

October 27, 2015 at 9:08 pm

Any specific reason you are using adsisearcher?

What about using Get-ADUser?

October 27, 2015 at 11:25 pm

With Get-ADUser you will only get 1000 results by default as well. You would need to use the -ResultSize parameter of Get-ADUser to increase the amount of results to be returned. For ADSI, modify your code like so:

$Searcher = [adsisearcher]"(&(objectClass=person)(objectClass=user))"
$Searcher.SizeLimit = 10000
$Results = $Searcher.FindAll()

October 28, 2015 at 2:15 am

The 1000 limit is imposed by AD – you'll see the same thing in the GUI tools. As stated above set the Sizelimit property to a sensible value.

I would recommend using the PowerShell cmdlets over [adsisearcher]

October 28, 2015 at 3:27 am

Well,
Cant connect to AD using Get-ADuser. i think its the firewall in the way. Using adisearch i can.

October 28, 2015 at 3:31 am

Using
$Searcher = [adsisearcher]"(&(objectClass=person)(objectClass=user))"
$Searcher.SizeLimit = 10000
$Results = $Searcher.FindAll().properties
$Result.count

it returns 1000. So apparently it doesn't work.

October 28, 2015 at 4:21 am

Hello
Used this and is working. Tks all for the precious help.

$a = [adsisearcher]"(&(objectClass=person)(objectClass=user))"
$a.SearchRoot=$root
$a.PageSize = 5000
$a.PropertiesToLoad.add("samaccountname")| Out-Null
$a.PropertiesToLoad.add("distinguishedname")| Out-Null
$results = $a.findall()

October 28, 2015 at 4:56 am

Using $Searcher.SizeLimit = 10000 will result in up to 10,000 object being returned.

Using $Searcher.PageSize = (any non-zero value) will fully return the results.

Without setting PageSize, the default is to perform a non-paged LDAP query which will return either 1000 or 1500, depending on of the AD environment was built using W2000 or 2003+

The PageSize value is used behind the scenes to control how LDAP results are batched up on the DC and passed back to the client. The larger the number, the bigger each batch, which in not a good thing. Larger batches put more load and memory allocation on the DC. Setting 1000 thru 2500 should do.