Get-ADGroupMember : The size limit for this request was exceeded

I was hitting the 5000 limit with Get-ADGroupMember.

You can use Get-ADUser with the -LDAPFilter parameter to get group members. It's quick and supports >5000 entries.

$groups = @(
    "group1"
    "group2"
    "group3"
)

Foreach ($group in $groups) {
    Get-ADUser -LDAPFilter "(&(objectCategory=user)(memberof=CN=$group,OU=Groups,OU=rest,DC=of,DC=distinguished,DC=name))" | Export-Csv "C:\$group.csv"
}

It looks like you can build up complex filters with this method. I needed to quickly return enabled members from some extremely large groups. The filter I used for this was:

"(&(objectCategory=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)(memberof=CN=$group,OU=Groups,OU=rest,DC=of,DC=distinguished,DC=name))"
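A helper that folds this answer's approach into one reusable function, added here as an illustration and not part of the original post. It escapes the group DN before interpolating it into the filter (a CN containing parentheses or an escaped comma would otherwise break or alter the query), optionally keeps only enabled accounts with the same bitwise rule, and optionally follows nested groups with the LDAP_MATCHING_RULE_IN_CHAIN rule, which the answer does not cover. The function names are my own; it assumes the ActiveDirectory module is loaded and a domain controller is reachable.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory module.

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping for a value placed inside an LDAP filter. Backslash is
    # handled first so the escapes added afterwards are not re-escaped.
    # e.g. "CN=Doe\, John,OU=Users,DC=example,DC=com"
    #   -> "CN=Doe\5c, John,OU=Users,DC=example,DC=com"
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-LargeGroupMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Identity,   # name, sAMAccountName, DN or SID of the group
        [switch]$EnabledOnly,                      # drop accounts with ACCOUNTDISABLE (0x2) set
        [switch]$Recursive,                        # follow nested groups on the server side
        [string[]]$Properties = @('Name', 'DisplayName', 'SamAccountName')
    )

    # Resolve whatever the caller passed to the group's distinguished name.
    $groupDn = (Get-ADGroup -Identity $Identity).DistinguishedName
    $dnValue = ConvertTo-LdapFilterValue -Value $groupDn

    # 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) makes the DC expand
    # group nesting itself; it can be slow on very deep hierarchies.
    $memberClause = if ($Recursive) {
        "(memberOf:1.2.840.113556.1.4.1941:=$dnValue)"
    } else {
        "(memberOf=$dnValue)"
    }

    # 1.2.840.113556.1.4.803 is the bitwise-AND rule; bit 2 is ACCOUNTDISABLE.
    $enabledClause = if ($EnabledOnly) { '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' } else { '' }

    $filter = "(&(objectCategory=person)(objectClass=user)$memberClause$enabledClause)"
    Write-Verbose "LDAP filter: $filter"

    # A search is paged by ADWS, so unlike Get-ADGroupMember it is not capped
    # by MaxGroupOrMemberEntries.
    Get-ADUser -LDAPFilter $filter -Properties $Properties
}

# Usage: export the enabled, directly assigned members of one large group.
# Get-LargeGroupMember -Identity 'group1' -EnabledOnly -Verbose |
#     Export-Csv -NoTypeInformation 'C:\group1.csv'
```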


I hear this is a limitation of the AD Web Services that actually service the requests from PowerShell cmdlets. The maximum size is 5000. But you can try the dsget command, although you will need to get a little creative.

This will give you the DN of the group:

$GroupDN = (Get-ADGroup -Identity $Group).DistinguishedName

Use dsget like this:

$members = dsget group $GroupDN -members

This will give you the list of DNs of all members.

Feed that to a Get-ADUser cmdlet in a pipe or foreach loop and you are good to go.


The number of objects that Get-ADGroupMember can return is restricted by a limit in the ADWS (Active Directory Web Services):

MaxGroupOrMemberEntries (default value: 5000)

Specifies the maximum number of group members (recursive or non-recursive), group memberships, and authorization groups that can be retrieved by the Active Directory module Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup cmdlets. Set this parameter to a higher value if you anticipate these cmdlets to return more than 5000 results in your environment.

According to this thread you should be able to work around it by querying group objects and expanding their member property (if you can't increase the limit on the service):

Get-ADGroup $group -Properties Member |
    Select-Object -Expand Member |
    Get-ADUser -Property Name, DisplayName

Beware, though, that this is likely to be slow, because you'll be sending thousands of requests. It might be better to build a hashtable of all users:

$users = @{}
Get-ADUser -Filter '*' -Property Name, DisplayName | ForEach-Object {
    $users[$_.DistinguishedName] = $_
}

so that you can look them up by their distinguished name:

Get-ADGroup $group -Properties Member |
    Select-Object -Expand Member |
    ForEach-Object { $users[$_] }