Improve company productivity with a Business Account.Sign Up

x
?
Solved

How to identify empty or unused dist/sec groups and mailboxes.

Posted on 2009-06-30
7
Medium Priority
?
2,442 Views
Last Modified: 2012-05-07
Hi,
I am looking for a way which i can generate a list of empty or unused AD distribution and Security groups and a generate a list of unused mailboxes.

David
0
Comment
Question by:cancervic
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:Rick Fee
ID: 24750489
This worked for me

http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html

Or use powershell which is the good way to run queries:

Save to .ps1 and run with .\filename.ps1.
 
 $groups = Get-DistributionGroup
 $amount = @()  
 foreach ($a in $groups)
 {
   $groupMem = Get-DistributionGroupMember $a
   if ($groupMem.Count -eq $null) { $amount += $a }
 }
 Write-Output $amount | Select-Object Name,GroupType,OrganizationalUnit | Export-CSV -notypeinformation -Path C:\Empty.csv

http://forums.msexchange.org/m_1800490641/tm.htm
0
 

Author Comment

by:cancervic
ID: 24750630
thanks.

Where and how is this script executed ? do i save it as a batch file ?
does this do security groups also ?
0
 
LVL 20

Expert Comment

by:Rick Fee
ID: 24750806
Well the first one goes to a link (http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html)...which runs as a VBS.    Just rename to emptdist.vbs

The second one is put in a .ps1 file which is just a notepad and just remove .txt to .ps1   - But you need Powershell

emptdist.vbs.txt
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 

Author Comment

by:cancervic
ID: 24751472
Hi,
i downloaded windows powershell 1.0. How do i execute the script. I copied the script above into a text file, renamed as example.ps1. and saved it under c:\., I opened up windows powershell 1.0 and at the prompt entered example.ps1

"The term 'example.ps1' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:11
+ example.ps1 <<<<"

any suggestions ?

0
 

Author Comment

by:cancervic
ID: 24751653
Got it to work, now i am facing with this:

The term 'Get-DistributionGroup' is not recognized as a cmdlet, function, operable program, or script file. Verify the
term and try again.
At C:\empty.ps1:1 char:32
+ $groups = Get-DistributionGroup  <<<<
The term 'Get-DistributionGroupMember' is not recognized as a cmdlet, function, operable program, or script file. Verif
y the term and try again.
At C:\empty.ps1:5 char:43
+    $groupMem = Get-DistributionGroupMember  <<<< $a
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24753034

You'd need Exchange 2007 to be able to use Get-DistributionGroup and Get-DistributionGroupMember. I guess this is 2003?

You can find empty groups easily enough though. You can do that in AD Users and Computers if you wish with this query:

(&(objectCategory=group)(!member=*))

Perhaps the easiest place to put it is...

Right click and Find
Select "Custom Search" from the drop down box
Select Advanced
Enter the LDAP Filter above and hit Find Now

Or if you grabbed these to go with PowerShell:

http://www.quest.com/activeroles-server/arms.aspx

Then you could run:

Get-QADGroup -LdapFilter "(&(objectCategory=group)(!member=*))"

Unused is a bit more difficult, it depends on your definition of unused. Any idea what criteria you would use?

Chris
0
 

Accepted Solution

by:
cancervic earned 0 total points
ID: 24759145
Hi,
I managed to get this working. I downloaded a tool called Dumprec which provided me for what i needed.

thanks all anyway.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question