PoshCode Logo PowerShell Code Repository

Get-EmptyGroup: Function to find empty groups in Win2000/2003/2003R2/2008 domains.

  1. Function Get-EmptyGroup
  2. {
  3.     <#
  4.     .Synopsis
  5.         Retrieves all groups without members in a domain or container.
  6.        
  7.     .Description
  8.         Retrieves all groups without members in a domain or container.
  9.        
  10.     .Notes
  11.         Name      : Get-EmptyGroup
  12.         Author    : Oliver Lipkau <oliver.lipkau@gmail.com>
  13.         Date      : 2010/05/24 19:13
  14.        
  15.         #Requires -Version 2.0
  16.        
  17.     .Inputs
  18.         System.String, System.Integer
  19.        
  20.     .Parameter SearchRoot
  21.         A search base (the distinguished name of the search base object) defines the location in the directory from which the LDAP search begins
  22.        
  23.     .Parameter SizeLimit
  24.         Maximum of results shown for a query
  25.  
  26.     .Parameter SearchScope
  27.         A search scope defines how deep to search within the search base.
  28.             Base , or zero level, indicates a search of the base object only.
  29.             One level indicates a search of objects immediately subordinate to the base object, but does not include the base object itself.
  30.             Subtree indicates a search of the base object and the entire subtree of which the base object distinguished name is the topmost object.
  31.  
  32.     .Outputs
  33.         System.DirectoryServices.DirectoryEntry
  34.  
  35.     .Example
  36.         Get-EmptyGroup
  37.     #>
  38.    
  39.     [CmdletBinding()]
  40.     param(
  41.         [string]$SearchRoot,
  42.        
  43.         [ValidateNotNullOrEmpty()]
  44.         [int]$PageSize = 1000,
  45.        
  46.         [int]$SizeLimit = 0,
  47.        
  48.         [ValidateNotNullOrEmpty()]
  49.         [ValidateSet("Base","OneLevel","Subtree")]
  50.         [string]$SearchScope = "SubTree"
  51.     )
  52.  
  53.     Begin
  54.     {
  55.         Write-Verbose "$($MyInvocation.MyCommand.Name):: Function started"
  56.         $c = 0
  57.         $filter = "(&(objectClass=group)(!member=*))"
  58.     }
  59.  
  60.     Process
  61.     {
  62.         $root= New-Object System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
  63.         $searcher = New-Object System.DirectoryServices.DirectorySearcher $filter
  64.         if (!($SearchRoot))
  65.             {$SearchRoot=$root.defaultNamingContext}
  66.         elseif (!($SearchRoot) -or ![ADSI]::Exists("LDAP://$SearchRoot"))
  67.             {Write-Error "$($MyInvocation.MyCommand.Name):: SearchRoot value: '$SearchRoot' is invalid, please check value";return}
  68.         $searcher.SearchRoot = "LDAP://$SearchRoot"
  69.         Write-Verbose "$($MyInvocation.MyCommand.Name):: Searching in: $($searcher.SearchRoot)"
  70.        
  71.         $searcher.SearchScope = $SearchScope
  72.         $searcher.SizeLimit = $SizeLimit
  73.         $searcher.PageSize = $PageSize
  74.         Write-Verbose "$($MyInvocation.MyCommand.Name):: Searching for: $($searcher.filter)"
  75.         $searcher.FindAll() | `
  76.         Foreach-Object `
  77.         {
  78.             $c++
  79.             Write-Verbose "$($MyInvocation.MyCommand.Name):: Found: $($_.Properties.cn)"
  80.             $_.GetDirectoryEntry()
  81.         }
  82.     }
  83.    
  84.     End
  85.     {
  86.         Write-Verbose "$($MyInvocation.MyCommand.Name):: Found $c results"
  87.         Write-Verbose "$($MyInvocation.MyCommand.Name):: Function ended"
  88.     }
  89. }

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:


Remember me