Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 9786. Which security groups in your domain have no members?

Using ADFind.exe freeware, I have scripted SecGrpNoMbrs.bat to retrieve the distinguishedName of all security groups in your domain that do not have members.

To run SecGrpNoMbrs.bat, open a CMD.EXE window and type SecGrpNoMbrs.

SecGrpNoMbrs.bat contains:

@echo Off
setlocal ENABLEDELAYEDEXPANSION
set adf=adfind -default -f "&(objectcategory=group)" grouptype
for /f "Skip=3 Tokens=1* Delims=: " %%a in ('%adf%^|find ":"') do (
 set p1=%%a
 set p1=!p1:~1,1!
 if "!p1!" EQU "n" set dn="%%b"
 set OK=X
 if "!p1!" EQU "g" if "%%b" NEQ "2" call :getmbr !dn!>nul 2>&1
 if "!OK!" EQU "N" @echo !dn!
)
endlocal
goto :EOF
:getmbr
set OK=N
for /f "Tokens=*" %%x in ('adfind -nodn -nolabel -b %1 member^|find "="') do (
 set OK=Y
)



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019