Posted by: Richard Siddaway
Active Directory, PowerShell
By default when you query AD using a script or cmdlet you won’t get more than 1000 objects returned. If your AD contains 4000 users and you run
Get-ADuser –filter *
You’ll still only get the first 1000 users returned.
This is by design to prevent you accidentally unleashing the “query from hell” and grinding your poor domain controller into the ground.
Of course if you only have 900 users you’ll never see a problem.
You can get a bigger result set using the ResultSetSize parameter.
Set it to a value bigger than you expect and you’ll be fine.
The documentation says that using a value of $null (which is supposedly default) will return all objects that match you filter. I need to test but I don’t think that’s right