Solved

How to identify empty or unused dist/sec groups and mailboxes.

Posted on 2009-06-30
7
2,404 Views
Last Modified: 2012-05-07
Hi,
I am looking for a way which i can generate a list of empty or unused AD distribution and Security groups and a generate a list of unused mailboxes.

David
0
Comment
Question by:cancervic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750489
This worked for me

http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html

Or use powershell which is the good way to run queries:

Save to .ps1 and run with .\filename.ps1.
 
 $groups = Get-DistributionGroup
 $amount = @()  
 foreach ($a in $groups)
 {
   $groupMem = Get-DistributionGroupMember $a
   if ($groupMem.Count -eq $null) { $amount += $a }
 }
 Write-Output $amount | Select-Object Name,GroupType,OrganizationalUnit | Export-CSV -notypeinformation -Path C:\Empty.csv

http://forums.msexchange.org/m_1800490641/tm.htm
0
 

Author Comment

by:cancervic
ID: 24750630
thanks.

Where and how is this script executed ? do i save it as a batch file ?
does this do security groups also ?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750806
Well the first one goes to a link (http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html)...which runs as a VBS.    Just rename to emptdist.vbs

The second one is put in a .ps1 file which is just a notepad and just remove .txt to .ps1   - But you need Powershell

emptdist.vbs.txt
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:cancervic
ID: 24751472
Hi,
i downloaded windows powershell 1.0. How do i execute the script. I copied the script above into a text file, renamed as example.ps1. and saved it under c:\., I opened up windows powershell 1.0 and at the prompt entered example.ps1

"The term 'example.ps1' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:11
+ example.ps1 <<<<"

any suggestions ?

0
 

Author Comment

by:cancervic
ID: 24751653
Got it to work, now i am facing with this:

The term 'Get-DistributionGroup' is not recognized as a cmdlet, function, operable program, or script file. Verify the
term and try again.
At C:\empty.ps1:1 char:32
+ $groups = Get-DistributionGroup  <<<<
The term 'Get-DistributionGroupMember' is not recognized as a cmdlet, function, operable program, or script file. Verif
y the term and try again.
At C:\empty.ps1:5 char:43
+    $groupMem = Get-DistributionGroupMember  <<<< $a
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24753034

You'd need Exchange 2007 to be able to use Get-DistributionGroup and Get-DistributionGroupMember. I guess this is 2003?

You can find empty groups easily enough though. You can do that in AD Users and Computers if you wish with this query:

(&(objectCategory=group)(!member=*))

Perhaps the easiest place to put it is...

Right click and Find
Select "Custom Search" from the drop down box
Select Advanced
Enter the LDAP Filter above and hit Find Now

Or if you grabbed these to go with PowerShell:

http://www.quest.com/activeroles-server/arms.aspx

Then you could run:

Get-QADGroup -LdapFilter "(&(objectCategory=group)(!member=*))"

Unused is a bit more difficult, it depends on your definition of unused. Any idea what criteria you would use?

Chris
0
 

Accepted Solution

by:
cancervic earned 0 total points
ID: 24759145
Hi,
I managed to get this working. I downloaded a tool called Dumprec which provided me for what i needed.

thanks all anyway.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question