Using ADFind.exe freeware, I have scripted SecGrpNoMbrs.bat to retrieve the distinguishedName of all security groups in your domain that do not have members.
To run SecGrpNoMbrs.bat, open a CMD.EXE window and type SecGrpNoMbrs.
SecGrpNoMbrs.bat contains:
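@echo off
setlocal ENABLEDELAYEDEXPANSION
rem Query every group object and return its groupType attribute.
set adf=adfind -default -f "&(objectcategory=group)" grouptype
rem Skip the first three matching lines, which belong to the adfind header, then split each line into label and value.
for /f "Skip=3 Tokens=1* Delims=: " %%a in ('%adf%^|find ":"') do (
    set p1=%%a
    rem The second character of the label is n for a dn line and g for a groupType line.
    set p1=!p1:~1,1!
    if "!p1!" EQU "n" set dn="%%b"
    set OK=X
    rem Skip distribution groups, groupType 2, 4 and 8. Security groups have negative groupType values.
    if "!p1!" EQU "g" if "%%b" NEQ "2" if "%%b" NEQ "4" if "%%b" NEQ "8" call :getmbr !dn!>nul 2>&1
    if "!OK!" EQU "N" @echo !dn!
)
endlocal
goto :EOF

:getmbr
rem Set OK=Y when the group has at least one member value, otherwise leave OK=N.
rem Accounts that hold the group only as their primary group are not stored in the member attribute.
set OK=N
for /f "Tokens=*" %%x in ('adfind -nodn -nolabel -b %1 member^|find "="') do (
    set OK=Y
)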