Set-App recipient limitation

This topic contains 3 replies, has 3 voices, and was last updated by  Aurimas 3 days, 11 hours ago.

  • Author
    Posts
  • #86077

    Aurimas
    Participant

    Hi,

    I have tried to set an app to more than 1000 users using this script, but Set-App cmdlet throws an error "Too many recipients specified, the limit is 1000 recipients.". Get-Adgroupmember has 5000 users limitation.

    What could be another option to set an app for more than 5000 users?

    Set-ExecutionPolicy RemoteSigned
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    $users = Get-DistributionGroupMember -Identity "Some_distribution_group"
    Set-App -OrganizationApp -Identity 41f6a6f2-1234-1234-1234-26ded39437af -ProvidedTo SpecificUsers -UserList $users.Identity -DefaultStateForUser Enabled

  • #86117

    Jeremy Corbello
    Participant

    I haven't tested this, mainly because I don't have a distribution group with 5000 members haha. But I believe something like this would do the trick:

    Set-ExecutionPolicy RemoteSigned
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    $users = Get-DistributionGroupMember -Identity "Some_distribution_group"
    $count = [math]::ceiling($users.count/1000)
    foreach ($i in $count) {
        $list = $users | select -First 1000
        Set-App -OrganizationApp -Identity 41f6a6f2-1234-1234-1234-26ded39437af -ProvidedTo SpecificUsers -UserList $list.Identity -DefaultStateForUser Enabled
        $users.Remove($list)
        }
    

    Basically, we create a $count variable that counts how many iterations of 1000 (or fraction of 1000) there are that we need to cycle through. Then we select the first 1000, assign it to $list, and process the Set-App cmdlet with that new list. Afterwards, we remove the first 1000 that we used from the $users array.

    Again, not tested – no clue if it'll work or not. Just where my mind went as a quick solution.

  • #86384

    postanote
    Participant

    The 1K limit is a Active Directory default setting. and not O365 specific.
    This is a well documented and talked about limitation for years now.

    Just use you favorite search engine—
    'ad return more than 1000 users'

    'support.microsoft.com/en-us/help/315071/how-to-view-and-set-ldap-policy-in-active-directory-by-using-ntdsutil'
    'richardspowershellblog.wordpress.com/2013/10/08/ads-1000-object-limit'
    'blog.scottlowe.org/2008/04/11/ad-integration-tip-dealing-with-more-than-1000-users'

  • #88676

    Aurimas
    Participant

    Thank you all for help. Seems this solve the issue.

    Set-ExecutionPolicy RemoteSigned
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session
    $users = Get-DistributionGroupMember -Identity "Some_distribution_group"
    
    $count = [math]::ceiling($users.count/1000)
    For ($i = 1; $i -le $count; $i++) {
        $list = $users | Select -First 1000
        Set-App -OrganizationApp -Identity 41f1234-1234-1234-1234-26ded312345 -ProvidedTo SpecificUsers -UserList $list.Identity -DefaultStateForUser Enabled
        $users = $users | Where-Object { $list -notcontains $_ }
        }
    

You must be logged in to reply to this topic.