Forum Discussion
Getting Timeout limit was exceeded while fetching adgroup member
We have requirement of adding users to multiple ad group, before that check if the user is exist in A group then remove and add to B group. Its working fine smoothly for other AD groups, But still getting time limit error for a specific AD group. Followed few article regarding to set the timespan. But none of them worked. Used server name also.
cmdlt:- Get-ADGroupMember -Identity "AdgroupName" -Server "myservame" | Where-Object {$_.SamAccountName -eq $Username}
It's also worth noting that Get-ADGroupMember performs two very distinct actions (with respect to how it talks to the directory service):
- Pulls a list of distinguishedName values from the group (it's highly unlikely this is the part that's timing out);
- For each distinguishedName, Get-ADGroupMember will launch another query for each distinguishedName to pull all the additional properties, one of which is sAMAccountName.
While there's not enough information in your error to make any definitive statements, I have seen it before where a group containing memberships from another forest leads to a timeout, particularly in scenarios where a person no longer exists in the remote forest or the remote forest is unresponsive for some reason (in my experience it's usually been poor firewall configuration).
This may or may not be the cause in your case. I'm just sharing old stories in case this helps you discover something useful.
Cheers,
Lain
- How many users are there in the group you are querying?
- Its contain around 10k users . even when trying to fetch the count of this group. Throwing error that time limit was exceeded.
Ajay_Kumar_Ghose You could use this:
Get-ADUser -LDAPFilter "(&(objectCategory=user)(memberof=CN=groupname,OU=Groups,OU=Corp,DC=test,DC=distinguished,DC=local))"Put that in in variable and test against that
