FBOLTS
asked on
Finding unused groups using LDAP
I would like to clean my AD structure of all the unused groups. There are currently numerous Security / distribution groups that i am certain are no longer used. I would like to create an LDAP query to find out which groups havent been used / have no members / havent been modified for over a year. What is the bvest way to do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Correct.
ASKER
i have tried running both queries and neither return anything. I know there are empty groups though?!
You are running queries from command prompt right?
ASKER
no i am in the SAVED QUERIES portion. i am creating a new query, selecting advanced custom query and pasting the code snippets.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cool - it works but how do i specify the OU to begin the query at?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The empty one works fine but i think i need to tweak the other one. How can i specify in the query that i would like to see all groups that havent changed for over 1 year?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so the query returns ALL groups and i have to manipulate the data to see those that havent changed for over a year? isnt that a way of capturing only those that havent changed?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
I am also in this process to clean up old groups. But the above commands helps on the modified date stuff. Infact there are multiple groups which will be actually in use but it might not be modified for long time. is there any way that we can find the inactive groups instead of going by modified date.
Dsquery helps to get the inactive computer accounts & the user accounts, depending on the access of the same. in the same way, can we find out which is last date the alias (DL or Security) being received emails ?
Thanks in advance.
I am also in this process to clean up old groups. But the above commands helps on the modified date stuff. Infact there are multiple groups which will be actually in use but it might not be modified for long time. is there any way that we can find the inactive groups instead of going by modified date.
Dsquery helps to get the inactive computer accounts & the user accounts, depending on the access of the same. in the same way, can we find out which is last date the alias (DL or Security) being received emails ?
Thanks in advance.
ASKER