ADs 1000 object limit

By default when you query AD using a script or cmdlet you won’t get more than 1000 objects returned. If your AD contains 4000 users and you run

Get-ADuser –filter *

You’ll still only get the first 1000 users returned.

This is by design to prevent you accidentally unleashing the “query from hell” and grinding your poor domain controller into the ground.

Of course if you only have 900 users you’ll never see a problem.

You can get a bigger result set using the ResultSetSize parameter. 

Set it to a value bigger than you expect and you’ll be fine. 

The documentation says that using a value of $null (which is supposedly default) will return all objects that match you filter.  I need to test but I don’t think that’s right

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

2 Responses to ADs 1000 object limit

  1. Derek says:

    I have tested this in an environment with 10K+ users, and it works properly when using $null for the ResultSetSize parameter. For Quest cmdlets, you would be using 0 (zero) for the SizeLimit parameter, to have the same effect, when it comes to Users/Computers/Objects.

  2. Marius says:

    are you sure about this ?
    in my environment with powershell v3 i don’t need to use resultsetsize:

    PS C:\Script> Get-ADUser -Filter * | Measure-Object
    Count : 5344

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s