Finding empty groups

This recipe demonstrates how to find groups without group members. Every object in Active Directory takes up resources. When a group is not used, it may be deleted.

Getting ready

To view group memberships for a group, sign in to a domain controller, a member server, or a device with RSAT for Active Directory Domain Services installed.

Sign in with a domain account.

How to do it...

Use the following line of PowerShell to find all groups without memberships in Active Directory on a system with the Active Directory module for Windows PowerShell installed:

Get-ADGroup -Filter * -Properties members | Where-Object {$_.Members.count -eq 0}  | Out-GridView

Replace DC=LucernPub,DC=com to represent your environment. Replace the other fields to represent your group's properties.

How it works...

The Get-ADGroup PowerShell cmdlet is used to get the members attribute. Then, recursively, for each group, the membership count is queried...