Solved

How to identify empty or unused dist/sec groups and mailboxes.

Posted on 2009-06-30
7
2,380 Views
Last Modified: 2012-05-07
Hi,
I am looking for a way which i can generate a list of empty or unused AD distribution and Security groups and a generate a list of unused mailboxes.

David
0
Comment
Question by:cancervic
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750489
This worked for me

http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html

Or use powershell which is the good way to run queries:

Save to .ps1 and run with .\filename.ps1.
 
 $groups = Get-DistributionGroup
 $amount = @()  
 foreach ($a in $groups)
 {
   $groupMem = Get-DistributionGroupMember $a
   if ($groupMem.Count -eq $null) { $amount += $a }
 }
 Write-Output $amount | Select-Object Name,GroupType,OrganizationalUnit | Export-CSV -notypeinformation -Path C:\Empty.csv

http://forums.msexchange.org/m_1800490641/tm.htm
0
 

Author Comment

by:cancervic
ID: 24750630
thanks.

Where and how is this script executed ? do i save it as a batch file ?
does this do security groups also ?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750806
Well the first one goes to a link (http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html)...which runs as a VBS.    Just rename to emptdist.vbs

The second one is put in a .ps1 file which is just a notepad and just remove .txt to .ps1   - But you need Powershell

emptdist.vbs.txt
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:cancervic
ID: 24751472
Hi,
i downloaded windows powershell 1.0. How do i execute the script. I copied the script above into a text file, renamed as example.ps1. and saved it under c:\., I opened up windows powershell 1.0 and at the prompt entered example.ps1

"The term 'example.ps1' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:11
+ example.ps1 <<<<"

any suggestions ?

0
 

Author Comment

by:cancervic
ID: 24751653
Got it to work, now i am facing with this:

The term 'Get-DistributionGroup' is not recognized as a cmdlet, function, operable program, or script file. Verify the
term and try again.
At C:\empty.ps1:1 char:32
+ $groups = Get-DistributionGroup  <<<<
The term 'Get-DistributionGroupMember' is not recognized as a cmdlet, function, operable program, or script file. Verif
y the term and try again.
At C:\empty.ps1:5 char:43
+    $groupMem = Get-DistributionGroupMember  <<<< $a
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24753034

You'd need Exchange 2007 to be able to use Get-DistributionGroup and Get-DistributionGroupMember. I guess this is 2003?

You can find empty groups easily enough though. You can do that in AD Users and Computers if you wish with this query:

(&(objectCategory=group)(!member=*))

Perhaps the easiest place to put it is...

Right click and Find
Select "Custom Search" from the drop down box
Select Advanced
Enter the LDAP Filter above and hit Find Now

Or if you grabbed these to go with PowerShell:

http://www.quest.com/activeroles-server/arms.aspx

Then you could run:

Get-QADGroup -LdapFilter "(&(objectCategory=group)(!member=*))"

Unused is a bit more difficult, it depends on your definition of unused. Any idea what criteria you would use?

Chris
0
 

Accepted Solution

by:
cancervic earned 0 total points
ID: 24759145
Hi,
I managed to get this working. I downloaded a tool called Dumprec which provided me for what i needed.

thanks all anyway.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question