Solved

How to identify empty or unused dist/sec groups and mailboxes.

Posted on 2009-06-30
7
2,355 Views
Last Modified: 2012-05-07
Hi,
I am looking for a way which i can generate a list of empty or unused AD distribution and Security groups and a generate a list of unused mailboxes.

David
0
Comment
Question by:cancervic
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750489
This worked for me

http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html

Or use powershell which is the good way to run queries:

Save to .ps1 and run with .\filename.ps1.
 
 $groups = Get-DistributionGroup
 $amount = @()  
 foreach ($a in $groups)
 {
   $groupMem = Get-DistributionGroupMember $a
   if ($groupMem.Count -eq $null) { $amount += $a }
 }
 Write-Output $amount | Select-Object Name,GroupType,OrganizationalUnit | Export-CSV -notypeinformation -Path C:\Empty.csv

http://forums.msexchange.org/m_1800490641/tm.htm
0
 

Author Comment

by:cancervic
ID: 24750630
thanks.

Where and how is this script executed ? do i save it as a batch file ?
does this do security groups also ?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24750806
Well the first one goes to a link (http://gsexdev.blogspot.com/2006/05/finding-and-removing-empty.html)...which runs as a VBS.    Just rename to emptdist.vbs

The second one is put in a .ps1 file which is just a notepad and just remove .txt to .ps1   - But you need Powershell

emptdist.vbs.txt
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:cancervic
ID: 24751472
Hi,
i downloaded windows powershell 1.0. How do i execute the script. I copied the script above into a text file, renamed as example.ps1. and saved it under c:\., I opened up windows powershell 1.0 and at the prompt entered example.ps1

"The term 'example.ps1' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:11
+ example.ps1 <<<<"

any suggestions ?

0
 

Author Comment

by:cancervic
ID: 24751653
Got it to work, now i am facing with this:

The term 'Get-DistributionGroup' is not recognized as a cmdlet, function, operable program, or script file. Verify the
term and try again.
At C:\empty.ps1:1 char:32
+ $groups = Get-DistributionGroup  <<<<
The term 'Get-DistributionGroupMember' is not recognized as a cmdlet, function, operable program, or script file. Verif
y the term and try again.
At C:\empty.ps1:5 char:43
+    $groupMem = Get-DistributionGroupMember  <<<< $a
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24753034

You'd need Exchange 2007 to be able to use Get-DistributionGroup and Get-DistributionGroupMember. I guess this is 2003?

You can find empty groups easily enough though. You can do that in AD Users and Computers if you wish with this query:

(&(objectCategory=group)(!member=*))

Perhaps the easiest place to put it is...

Right click and Find
Select "Custom Search" from the drop down box
Select Advanced
Enter the LDAP Filter above and hit Find Now

Or if you grabbed these to go with PowerShell:

http://www.quest.com/activeroles-server/arms.aspx

Then you could run:

Get-QADGroup -LdapFilter "(&(objectCategory=group)(!member=*))"

Unused is a bit more difficult, it depends on your definition of unused. Any idea what criteria you would use?

Chris
0
 

Accepted Solution

by:
cancervic earned 0 total points
ID: 24759145
Hi,
I managed to get this working. I downloaded a tool called Dumprec which provided me for what i needed.

thanks all anyway.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now