Solved

How to identify empty or unused dist/sec groups and mailboxes.

Posted on 2009-06-30
7
2,371 Views
Last Modified: 2012-05-07
Hi,
I am looking for a way which i can generate a list of empty or unused AD distribution and Security groups and a generate a list of unused mailboxes.

David
0
Comment
Question by:cancervic
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750489
This worked for me

http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html

Or use powershell which is the good way to run queries:

Save to .ps1 and run with .\filename.ps1.
 
 $groups = Get-DistributionGroup
 $amount = @()  
 foreach ($a in $groups)
 {
   $groupMem = Get-DistributionGroupMember $a
   if ($groupMem.Count -eq $null) { $amount += $a }
 }
 Write-Output $amount | Select-Object Name,GroupType,OrganizationalUnit | Export-CSV -notypeinformation -Path C:\Empty.csv

http://forums.msexchange.org/m_1800490641/tm.htm
0
 

Author Comment

by:cancervic
ID: 24750630
thanks.

Where and how is this script executed ? do i save it as a batch file ?
does this do security groups also ?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750806
Well the first one goes to a link (http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html)...which runs as a VBS.    Just rename to emptdist.vbs

The second one is put in a .ps1 file which is just a notepad and just remove .txt to .ps1   - But you need Powershell

emptdist.vbs.txt
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:cancervic
ID: 24751472
Hi,
i downloaded windows powershell 1.0. How do i execute the script. I copied the script above into a text file, renamed as example.ps1. and saved it under c:\., I opened up windows powershell 1.0 and at the prompt entered example.ps1

"The term 'example.ps1' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:11
+ example.ps1 <<<<"

any suggestions ?

0
 

Author Comment

by:cancervic
ID: 24751653
Got it to work, now i am facing with this:

The term 'Get-DistributionGroup' is not recognized as a cmdlet, function, operable program, or script file. Verify the
term and try again.
At C:\empty.ps1:1 char:32
+ $groups = Get-DistributionGroup  <<<<
The term 'Get-DistributionGroupMember' is not recognized as a cmdlet, function, operable program, or script file. Verif
y the term and try again.
At C:\empty.ps1:5 char:43
+    $groupMem = Get-DistributionGroupMember  <<<< $a
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24753034

You'd need Exchange 2007 to be able to use Get-DistributionGroup and Get-DistributionGroupMember. I guess this is 2003?

You can find empty groups easily enough though. You can do that in AD Users and Computers if you wish with this query:

(&(objectCategory=group)(!member=*))

Perhaps the easiest place to put it is...

Right click and Find
Select "Custom Search" from the drop down box
Select Advanced
Enter the LDAP Filter above and hit Find Now

Or if you grabbed these to go with PowerShell:

http://www.quest.com/activeroles-server/arms.aspx

Then you could run:

Get-QADGroup -LdapFilter "(&(objectCategory=group)(!member=*))"

Unused is a bit more difficult, it depends on your definition of unused. Any idea what criteria you would use?

Chris
0
 

Accepted Solution

by:
cancervic earned 0 total points
ID: 24759145
Hi,
I managed to get this working. I downloaded a tool called Dumprec which provided me for what i needed.

thanks all anyway.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO and server 2008 R2 7 35
AD 20012 r2 / vmware horizon 6 35
Server 2008 R2 and Windows 10 Admin Templates 7 35
Domain administrator account is locked out 31 51
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Synchronize a new Active Directory domain with an existing Office 365 tenant
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question