Author Posts

December 5, 2017 at 1:28 pm

Hi,

I have tried to set an app to more than 1000 users using this script, but Set-App cmdlet throws an error "Too many recipients specified, the limit is 1000 recipients.". Get-Adgroupmember has 5000 users limitation.

What could be another option to set an app for more than 5000 users?

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$users = Get-DistributionGroupMember -Identity "Some_distribution_group"
Set-App -OrganizationApp -Identity 41f6a6f2-1234-1234-1234-26ded39437af -ProvidedTo SpecificUsers -UserList $users.Identity -DefaultStateForUser Enabled

December 5, 2017 at 2:22 pm

I haven't tested this, mainly because I don't have a distribution group with 5000 members haha. But I believe something like this would do the trick:

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$users = Get-DistributionGroupMember -Identity "Some_distribution_group"
$count = [math]::ceiling($users.count/1000)
foreach ($i in $count) {
    $list = $users | select -First 1000
    Set-App -OrganizationApp -Identity 41f6a6f2-1234-1234-1234-26ded39437af -ProvidedTo SpecificUsers -UserList $list.Identity -DefaultStateForUser Enabled
    $users.Remove($list)
    }

Basically, we create a $count variable that counts how many iterations of 1000 (or fraction of 1000) there are that we need to cycle through. Then we select the first 1000, assign it to $list, and process the Set-App cmdlet with that new list. Afterwards, we remove the first 1000 that we used from the $users array.

Again, not tested – no clue if it'll work or not. Just where my mind went as a quick solution.

December 5, 2017 at 6:58 pm

The 1K limit is a Active Directory default setting. and not O365 specific.
This is a well documented and talked about limitation for years now.

Just use you favorite search engine—
'ad return more than 1000 users'

'support.microsoft.com/en-us/help/315071/how-to-view-and-set-ldap-policy-in-active-directory-by-using-ntdsutil'
'richardspowershellblog.wordpress.com/2013/10/08/ads-1000-object-limit'
'blog.scottlowe.org/2008/04/11/ad-integration-tip-dealing-with-more-than-1000-users'

December 11, 2017 at 6:25 pm

Thank you all for help. Seems this solve the issue.

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
$users = Get-DistributionGroupMember -Identity "Some_distribution_group"

$count = [math]::ceiling($users.count/1000)
For ($i = 1; $i -le $count; $i++) {
    $list = $users | Select -First 1000
    Set-App -OrganizationApp -Identity 41f1234-1234-1234-1234-26ded312345 -ProvidedTo SpecificUsers -UserList $list.Identity -DefaultStateForUser Enabled
    $users = $users | Where-Object { $list -notcontains $_ }
    }