fix big group problem (#204)

* fix big group problem * fix syntax to pass tests * Update win_domain_group_membership.ps1 * fix as suggested by @jborean93 * Added changelog fragment Co-authored-by: Jordan Borean <[email protected]>
ansible-collections · May 11, 2021 · 72e4a1a · 72e4a1a
1 parent 4c8c11c
commit 72e4a1a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/changelogs/fragments/win_domain_group_membership-large.yml b/changelogs/fragments/win_domain_group_membership-large.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- win_domain_group_membership - Handle timeouts when dealing with group with lots of members - https://github.com/ansible-collections/community.windows/pull/204
diff --git a/plugins/modules/win_domain_group_membership.ps1 b/plugins/modules/win_domain_group_membership.ps1
@@ -50,7 +50,9 @@ if ($diff_mode) {
     $result.diff = @{}
 }
 
-$members_before = Get-AdGroupMember -Identity $ADGroup @extra_args
+$filter = "(memberOf=$($ADGroup.DistinguishedName))"
+
+$members_before = Get-ADObject -LDAPFilter $filter -Properties sAMAccountName, objectSID @extra_args
 $pure_members = [System.Collections.Generic.List`1[String]]@()
 
 foreach ($member in $members) {
@@ -89,7 +91,7 @@ foreach ($member in $members) {
 
 if ($state -eq "pure") {
     # Perform removals for existing group members not defined in $members
-    $current_members = Get-AdGroupMember -Identity $ADGroup @extra_args
+    $current_members = Get-ADObject -LDAPFilter $filter -Properties sAMAccountName, objectSID @extra_args
 
     foreach ($current_member in $current_members) {
         $user_to_remove = $true
@@ -101,14 +103,14 @@ if ($state -eq "pure") {
         }
 
         if ($user_to_remove) {
-            Remove-ADPrincipalGroupMembership -Identity $current_member -MemberOf $ADGroup -WhatIf:$check_mode -Confirm:$False
+            Remove-ADPrincipalGroupMembership -Identity $current_member -MemberOf $ADGroup -WhatIf:$check_mode -Confirm:$False @extra_member_args
             $result.removed.Add($current_member.SamAccountName)
             $result.changed = $true
         }
     }
 }
 
-$final_members = Get-AdGroupMember -Identity $ADGroup @extra_args
+$final_members = Get-ADObject -LDAPFilter $filter -Properties sAMAccountName, objectSID @extra_args
 
 if ($final_members) {
     $result.members = [Array]$final_members.SamAccountName
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- win_domain_group_membership - Handle timeouts when dealing with group with lots of members - https://github.com/ansible-collections/community.windows/pull/204