Finding Empty AD Groups [PowerShell]

In this post I will share a short bit of PowerShell to discover empty, used Active Director groups.

This post will be short and to the point!

Pre-requisites

Before you can use the Active Directory Cmdlets you will either need the to install the RSAT tools or run the below PowerShell on on Domain Controller. Y

ou can read more about  Active Directory Administration with Windows PowerShell here https://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx

The Script

Amend the Export-Csv path as required.

Import-Module activedirectory
Get-ADGroup -Filter * -Properties Members | Where {-not $_.members} | select Name | Export-Csv D:\EmptyADGroups.csv –NoTypeInformation

As you can see the script is very short, it simply finds all groups with no members and exports to the CSV file, D:\EmptyADGroups.csv in this example but change that path as required.

If you wanted to check the members of a particular group you could use

Get-ADGroup '<group name>' | Get-Member

Alternative VBS Method

If you would prefer to use VBS take a look at the below link for an alternative method.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.