Monday, February 22, 2010

Find Empty Active Directory Groups

Following one-liners will find Active Directory Groups that have no users.

** To find empty Global Security groups:
Click Start -> Run -> Cmd.exe -> OK -> Copy and Paste following statement

DSQuery * -Filter "(&(sAMAccountType=268435456)(!member=*))" -Limit 0

** You can save the output to a text file by using Dos redirection operator > with file name.

DSQuery * -Filter "(&(sAMAccountType=268435456)(!member=*))" -Limit 0 >C:\EmptyGroups.txt

Above statement will create EmptyGroups.txt file on C: drive root listing all empty security groups.

** To find empty Local Security groups:

DSQuery * -Filter "(&(sAMAccountType=536870912)(!member=*))" -Limit 0

** To find empty Distribution groups:

DSQuery * -Filter "(&(sAMAccountType=268435457)(!member=*))" -Limit 0

 ** To find ALL empty groups (either local, global Security or Distribution groups):

DSQuery * -Filter "(&(objectClass=group)(!member=*))" -Limit 0

6 comments: