neil-sabol/LDAP-module-member-range-tag-0-1499-enumeration.ps1

## LDAP-module-member-range-tag-0-1499-enumeration.ps1
# Install the PowerShell LDAP module
Install-Module -Name Ldap

# Create an Active Directory connection via LDAP, replacing 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
# with a real user in the directory and specifying the user's password when prompted
# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapConnection.md
$binduser = 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
$connection = Get-LdapConnection -Server 'ad.contoso.com' -Port 636 -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $binduser,(Read-Host -AsSecureString -Prompt "Enter password"))

# Specify a large AD group and search base to query
$group="All-Contoso-Users-Global"
$searchBase = "DC=ad,DC=contoso,DC=com"
$allmembers = @()

# Define default/initial range values, which may vary based on your
# Active Directory configuration (default is 1500, so 0-1499)
[string]$rangeStart = "0"
[string]$rangeEnd = "1499"
[string]$range = "$rangeStart-$rangeEnd"
[string]$rangeFinal = "$rangeStart-*"

# Get AD group members using LDAP, specifically Get-LdapObject
# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapObject.md
$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"

# Use a loop to increment and enumerate range-tagged results
do {
	# If the range tag member property exists, add the current range to the allmembers array
	if($members."member;range=$range") {
		$allmembers += $members."member;range=$range"
	}

	# If this is the final range, add the current range to the allmembers array and break
	if($members."member;range=$rangeFinal") {
		$allmembers += $members."member;range=$rangeFinal"
		break
	}

	# Increment the range tag and retrieve the next range with Get-LdapObject
	[string]$rangeStart = [int]$rangeEnd+1
	[string]$rangeEnd = [int]$rangeStart+1499
	[string]$range = "$rangeStart-$rangeEnd"
	[string]$rangeFinal = "$rangeStart-*"
	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"
} while ($members."member;range=$range" -or $members."member;range=$rangeFinal")

$allmembers
	# Install the PowerShell LDAP module
	Install-Module -Name Ldap

	# Create an Active Directory connection via LDAP, replacing 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
	# with a real user in the directory and specifying the user's password when prompted
	# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapConnection.md
	$binduser = 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
	$connection = Get-LdapConnection -Server 'ad.contoso.com' -Port 636 -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $binduser,(Read-Host -AsSecureString -Prompt "Enter password"))

	# Specify a large AD group and search base to query
	$group="All-Contoso-Users-Global"
	$searchBase = "DC=ad,DC=contoso,DC=com"
	$allmembers = @()

	# Define default/initial range values, which may vary based on your
	# Active Directory configuration (default is 1500, so 0-1499)
	[string]$rangeStart = "0"
	[string]$rangeEnd = "1499"
	[string]$range = "$rangeStart-$rangeEnd"
	[string]$rangeFinal = "$rangeStart-*"

	# Get AD group members using LDAP, specifically Get-LdapObject
	# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapObject.md
	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"

	# Use a loop to increment and enumerate range-tagged results
	do {
	# If the range tag member property exists, add the current range to the allmembers array
	if($members."member;range=$range") {
	$allmembers += $members."member;range=$range"
	}

	# If this is the final range, add the current range to the allmembers array and break
	if($members."member;range=$rangeFinal") {
	$allmembers += $members."member;range=$rangeFinal"
	break
	}

	# Increment the range tag and retrieve the next range with Get-LdapObject
	[string]$rangeStart = [int]$rangeEnd+1
	[string]$rangeEnd = [int]$rangeStart+1499
	[string]$range = "$rangeStart-$rangeEnd"
	[string]$rangeFinal = "$rangeStart-*"
	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"
	} while ($members."member;range=$range" -or $members."member;range=$rangeFinal")

	$allmembers