PowerShell – Find all Empty Groups in Active Directory

Thomas
Tweet
Share
Pin1

If you want to find all Groups in your Active Directory that is empty I have just the PowerShell script for that.

Find all empty AD Groups with PowerShell

Some IT people often have the idea to create AD groups for everything and it can also be a good idea to manage users and permissions with groups. However, sometime you end up with a lot of groups that never get used. Opposite user objects, you can’t disable a group. The only way you can make a group inactive is by deleting it. In this post I will show you a couple of simple PowerShell script that can help you in the process.

I can not tell you if it would be a good idea to clean out all empty groups, but I can help you identify them with the scripts below. Be careful with Built-in groups. You don’t want to delete them. Also groups belonging to an On-Premises Exchange server installation should be left behind. Another good advise would be to make sure that you have enabled Active directory Recycle Bin before you move on. What way, you can easily restore one or more groups that should not have been deleted.

PowerShell

PowerShell Script to list Empty Groups

Let us start simple with the command below. It will list all empty groups in your Active Directory.

Get-ADGroup -Filter {Members -notlike ‘*’}

 

Maybe we should adjust the result to be easier to read. The command below will show the group with just the columns Name and Distinguished Name and sort the result alfabetically.

Get-ADGroup -Filter {Members -notlike ‘*’} | select name, DistinguishedName | Sort-Object name

 

To Sum Up

The scripts above does not delete anything, it just list empty groups in your Active Directory installation. It is up to you, to select which groups you don’t need anymore. Once again. Make sure you have your backup strategy in place if you delete a group by mistake. As I mentioned above, you can’t disable a group.

Related Posts

Tweet
Share
Pin1

Leave a Comment