I've been given a new task in our Active Directory, we have a "Security Groups Global" OU and within this OU there are 1831 security groups!
my task is to search and look at each of these groups to find out if any are empty and delete the security groups which are empty! now searching 1831 groups is going to be boring and take quite a while... what i'm after is, is there another way of going about this? i.e. is there a tool out there which can do this for me? or a reporting tool that can tell me what groups are empty?
The below vbs should do the trick. Save as a vbs file and run via cscript from the command line, e.g.
cscript getEmptyGroups.vbs
It should list all the groups that have no members.
In the script, change 'strOU' to the DN of the OU holding the groups, e.g. 'OU=Security Global Groups,DC=domain,DC=local'
Let me know how you get on.
Tony
strOU = "OU=Security Global Groups,DC=domain,DC=local"Set objOU = GetObject("LDAP://" & strOU)objOU.Filter = Array("group")For Each objGroup In objOU If IsEmpty(objGroup.member) Then WScript.Echo "Empty - " & objGroup.cnNext
A simple tool you are looking for is AD Manager Plus. You can download a free version from the below link http://www.brothersoft.com/admanager-plus-free-edition-141153.html
Install it and then you can have your desire report .
IN AD Manager PLus Slect on AD Reports---Select Groups Reports---select Groups Without Members.
There You can have more reports as per your need. As well as you can manage your AD user and computers and groups.
Cheers
Iftikhar
http://www.systemtools.com/somarsoft/?somarsoft.com