Finding empty groups in Active Directory
The PowerShell function discussed in this section helps you to find out the groups that have no members in them. This function has an optional switch parameter called -Nested, which indicates that a group has to be queried recursively for membership to determine whether it is empty or not. In some cases, a group can have another group in it, which might be empty as well. This switch will come in handy to find such cases:
Function Find-EmptyADGroups {
[CmdletBinding()]
Param(
[switch]$Nested
)
$Groups = Get-ADGroup -Filter *
Write-Host "`nBelow is the list of empty groups in Active Directory`n`n"
$Count = 0
foreach($Group in $Groups) {
$Members = Get-ADGroupMember -Identity $Group -Recursive:$Nested
if(!$Members) {
$Group | select Name, DistinguishedName
$Count++
}
}
Write-Host "`n`n`nTotal no. of empty groups are : $Count`n`n`n"
}Usage
The usage of this code is very simple. Just copy and paste the preceding code into PowerShell Window...
