Applies To:

GroupID 9 and above - GroupID Management Shell

Business Requirement:

Too many unchecked groups in the directory can lead to network vulnerabilities and security issues. In an attempt to clean up the directory, I want to get a list of groups that have no members and whose owner is a terminated user.

Methodology:

GroupID Management Shell can be used to generate a list of all the groups (unmanaged groups, Smart Groups, and Dynasties) that have no members and a terminated user as their owner, and then export them to a CSV file.

Steps:

  1. Launch GroupID Management Shell.

  2. Type the following cmdlet to export all Smart Groups with no members and a terminated user as their owner, to a CSV file:

    $ErrorActionPreference = "SilentlyContinue"; Get-SmartGroup -SmartGroupType "Smartgroup" | where {((Get-ADUser -Identity $_.ManagedBy_Resolved).Enabled -eq 0) -and ((Get-ADGroup -Identity $_.Name -Properties "*").Member.count -eq 0)} | Select Name | Export-csv "C:/Smartgroups.csv" -NoTypeInformation
        
  3. This cmdlet saves the CSV file to the C:\ directory with the name smartgroups.csv. To save it to a different drive, replace the C in C:\smartgroups.csv with your desired drive.

  4. To export all types of groups with no members and a terminated user as their owner to a CSV file, use the following cmdlet:

    $ErrorActionPreference = "SilentlyContinue"; Get-Group | where {((Get-ADUser -Identity $_.ManagedBy_Resolved).Enabled -eq 0) -and ((Get-ADGroup -Identity $_.Name -Properties "*").Member.count -eq 0)} | Select Name | Export-csv "C:/Groups.csv" -NoTypeInformation

  5. You can append your desired attributes to the cmdlet (for example, smartGroupType, security, expiration, whencreated, UPN, Identity, MaxItemsToDisplay, ObjectType, LdapFilter, SmartFilter, etc.).
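
The cmdlets above set `$ErrorActionPreference` to `SilentlyContinue`, so a group whose owner cannot be looked up (for example, because the account was deleted rather than disabled) is left out of the CSV without any indication. The script below is an added example, not code from this article or from the vendor: it handles each lookup explicitly and records unresolved owners in the report. `Get-Group`, `Name` and `ManagedBy_Resolved` are used as in step 4; the `Get-OwnerState` helper, the column names and the output path are assumptions.

```powershell
# Added example. Run in GroupID Management Shell, where Get-Group and the
# Active Directory cmdlets used in the steps above are available.
$ownerCache = @{}   # owner identity -> 'Enabled' | 'Disabled' | 'Unresolved'

function Get-OwnerState([string]$Owner) {   # hypothetical helper
    if (-not $ownerCache.ContainsKey($Owner)) {
        try {
            $user = Get-ADUser -Identity $Owner -ErrorAction Stop
            $ownerCache[$Owner] = if ($user.Enabled) { 'Enabled' } else { 'Disabled' }
        } catch {
            # Owner deleted, not a user object, or the lookup itself failed.
            $ownerCache[$Owner] = 'Unresolved'
        }
    }
    return $ownerCache[$Owner]
}

$report = foreach ($g in Get-Group) {
    $owner = [string]$g.ManagedBy_Resolved
    if (-not $owner) { continue }            # no owner recorded: outside this report

    $state = Get-OwnerState $owner
    if ($state -eq 'Enabled') { continue }   # owner is still an active account

    try {
        # Request only the attributes needed instead of -Properties "*".
        $ad = Get-ADGroup -Identity $g.Name -Properties member, whenCreated -ErrorAction Stop
    } catch {
        Write-Warning "Could not read group '$($g.Name)': $($_.Exception.Message)"
        continue
    }
    if ($ad.member.Count -ne 0) { continue } # group still has members

    [pscustomobject]@{
        Name              = $g.Name
        Owner             = $owner
        OwnerState        = $state           # 'Disabled' or 'Unresolved'
        WhenCreated       = $ad.whenCreated
        DistinguishedName = $ad.DistinguishedName
    }
}

# Output path is an assumption; change it as described in step 3.
$report | Export-Csv 'C:\Groups-review.csv' -NoTypeInformation
```

Rows with `OwnerState` set to `Unresolved` need a manual check before cleanup, because the lookup failure may have a cause other than a removed account.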

Note: In case you run into problems, contact support@imanami.com.

Reference:

GroupID Management Shell guide