neil-sabol · November 16, 2022 15:46
diff --git a/LDAP-module-member-range-tag-0-1499-enumeration.ps1 b/LDAP-module-member-range-tag-0-1499-enumeration.ps1
 # Install the PowerShell LDAP module
 Install-Module -Name Ldap

 # Create an Active Directory connection via LDAP, replacing 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
 # with a real user in the directory and specifying the user's password when prompted
 # See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapConnection.md
 $binduser = 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
 $connection = Get-LdapConnection -Server 'ad.contoso.com' -Port 636 -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $binduser,(Read-Host -AsSecureString -Prompt "Enter password"))

 # Specify a large AD group and search base to query
 $group="All-Contoso-Users-Global"
 $searchBase = "DC=ad,DC=contoso,DC=com"
 $allmembers = @()

 # Define default/initial range values, which may vary based on your 
 # Active Directory configuration (default is 1500, so 0-1499)
 [string]$rangeStart = "0"
 [string]$rangeEnd = "1499"
 [string]$range = "$rangeStart-$rangeEnd"
 [string]$rangeFinal = "$rangeStart-*"

 # Get AD group members using LDAP, specifically Get-LdapObject
 # See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapObject.md
 $members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"

 # Use a loop to increment and enumerate range-tagged results
 do {
 	# If the range tag member property exists, add the current range to the allmembers array
 	if($members."member;range=$range") {
 		$allmembers += $members."member;range=$range"
 	}

 	# If this is the final range, add the current range to the allmembers array and break
 	if($members."member;range=$rangeFinal") {
 		$allmembers += $members."member;range=$rangeFinal"
 		break
 	}

 	# Increment the range tag and retrieve the next range with Get-LdapObject
 	[string]$rangeStart = [int]$rangeEnd+1
 	[string]$rangeEnd = [int]$rangeStart+1499
 	[string]$range = "$rangeStart-$rangeEnd"
 	[string]$rangeFinal = "$rangeStart-*"
 	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"
 } while ($members."member;range=$range" -or $members."member;range=$rangeFinal")

 $allmembers
	# Install the PowerShell LDAP module
	Install-Module -Name Ldap

	# Create an Active Directory connection via LDAP, replacing 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
	# with a real user in the directory and specifying the user's password when prompted
	# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapConnection.md
	$binduser = 'CN=binduser,OU=Accounts,DC=ad,DC=contoso,DC=com'
	$connection = Get-LdapConnection -Server 'ad.contoso.com' -Port 636 -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $binduser,(Read-Host -AsSecureString -Prompt "Enter password"))

	# Specify a large AD group and search base to query
	$group="All-Contoso-Users-Global"
	$searchBase = "DC=ad,DC=contoso,DC=com"
	$allmembers = @()

	# Define default/initial range values, which may vary based on your
	# Active Directory configuration (default is 1500, so 0-1499)
	[string]$rangeStart = "0"
	[string]$rangeEnd = "1499"
	[string]$range = "$rangeStart-$rangeEnd"
	[string]$rangeFinal = "$rangeStart-*"

	# Get AD group members using LDAP, specifically Get-LdapObject
	# See https://github.com/replicaJunction/Ldap/blob/master/docs/en-US/Get-LdapObject.md
	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"

	# Use a loop to increment and enumerate range-tagged results
	do {
	# If the range tag member property exists, add the current range to the allmembers array
	if($members."member;range=$range") {
	$allmembers += $members."member;range=$range"
	}

	# If this is the final range, add the current range to the allmembers array and break
	if($members."member;range=$rangeFinal") {
	$allmembers += $members."member;range=$rangeFinal"
	break
	}

	# Increment the range tag and retrieve the next range with Get-LdapObject
	[string]$rangeStart = [int]$rangeEnd+1
	[string]$rangeEnd = [int]$rangeStart+1499
	[string]$range = "$rangeStart-$rangeEnd"
	[string]$rangeFinal = "$rangeStart-*"
	$members = Get-LdapObject -LdapConnection $connection -LdapFilter "(&(objectClass=group)(samaccountname=$group))" -SearchBase $searchBase -Property "member;range=$range"
	} while ($members."member;range=$range" -or $members."member;range=$rangeFinal")

	$allmembers