AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of xP3000
xP3000
Flag for United Kingdom of Great Britain and Northern Ireland asked on

Active Directory Groups


Hi,

I've been given a new task in our Active Directory, we have a "Security Groups Global" OU and within this OU there are 1831 security groups!

my task is to search and look at each of these groups to find out if any are empty and delete the security groups which are empty! now searching 1831 groups is going to be boring and take quite a while... what i'm after is, is there another way of going about this? i.e. is there a tool out there which can do this for me? or a reporting tool that can tell me what groups are empty?

Kind Regards,

James Little
Active DirectoryWindows Server 2003
Avatar of undefined
Last Comment
xP3000
8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
wdurrett
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Gregory_V
You can also use the DumpSec tool to dump all the groups to a file to review.

http://www.systemtools.com/somarsoft/?somarsoft.com
bluntTony
The below vbs should do the trick. Save as a vbs file and run via cscript from the command line, e.g.

cscript getEmptyGroups.vbs

It should list all the groups that have no members.

In the script, change 'strOU' to the DN of the OU holding the groups, e.g. 'OU=Security Global Groups,DC=domain,DC=local'

Let me know how you get on.

Tony
strOU = "OU=Security Global Groups,DC=domain,DC=local"
Set objOU = GetObject("LDAP://" & strOU)
objOU.Filter = Array("group")

For Each objGroup In objOU
	If IsEmpty(objGroup.member) Then WScript.Echo "Empty - " & objGroup.cn
Next

Open in new window

iimtiaz
A simple tool you are looking for is AD Manager Plus. You can download a free version from the below link
http://www.brothersoft.com/admanager-plus-free-edition-141153.html
Install it and then you can  have your desire report .
IN AD Manager PLus Slect on AD Reports---Select Groups Reports---select Groups Without Members.
There You can have more reports as per your need. As well as you can manage your AD user and computers and groups.
Cheers
Iftikhar
 
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
xP3000
ASKER
Just what i was looking for me! thanks!
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent