Forum Discussion
Powershell help with AD Groups
I'm trying to read from file for group that have 0 members and is a Distribution group. Any help is appreciated. If I could get this working I should be good for the other peices.
I tried this but didn't work.
$Groups = Get-Content c:\ADGroupsMemberExport.txt
Get-ADGroup -Filter $Groups -Properties Member,GroupCategory | Where-Object {$_.Members.count -eq 0} -and Where-Object {$_.GroupCategory -eq 'Distribution'}
I tried this but didn't work.
$Groups = Get-Content c:\ADGroupsMemberExport.txt
Get-ADGroup -Filter $Groups -Properties Member,GroupCategory | Where-Object {$_.Members.count -eq 0} -and Where-Object {$_.GroupCategory -eq 'Distribution'}
3 Replies
you were very close - your Where-Object statement was incorrect
Get-ADGroup -Filter $Groups -Properties Member,GroupCategory | Where-Object {$_.Members.count -eq 0 -and $_.GroupCategory -eq 'Distribution'}Could someone help with the if, if, elseif statement below?
This is what I'm trying to accomplish.
1. if the group is empty move it to target OU.
2. if the group is non-empty and is a Distribution group, remove all members then move it to target OU.
3. if the group is non-empty and is a Security group, convert it to a Distribution group then move it to target OU.
foreach ($Group in $Groups) {
$Groups | Get-ADGroup -Properties Member,GroupCategory | Select-Object member,groupcategory
## Move all Distribution or Security Groups that are empty to new OU.
if ($_.members.count -eq 0){
Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
Write-Host "$Group is empty!" -ForegroundColor green
}
## Remove members from non-empty Distribution groups and move the group to new OU.
if ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Distribution'){
{
Remove-ADGroupMember -Identity $Group -Members (Get-ADGroupMember -Identity $Group) -Confirm:$False | Move-ADObject -TargetPath $TargetOU
## Convert non-empty Distribution groups to Security group and move the group to new OU.
elseif ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Security'){
{
Get-ADGroup -Identity $Group | Set-ADGroup -GroupCategory Distribution
Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
}
}
}Be careful with your { use, also indent your code it helps with picking the that {} are in the right place. Also because you are using a foreach loop you do not need to pipe $Groups to Get-ADGroup each time, you only need to do it for group you are currently working with
foreach ($Group in $Groups) { Get-ADGroup -Identity $Group -Properties Member,GroupCategory | Select-Object member,groupcategory ## Move all Distribution or Security Groups that are empty to new OU. if ($_.members.count -eq 0){ Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU Write-Host "$Group is empty!" -ForegroundColor green } ## Remove members from non-empty Distribution groups and move the group to new OU. if ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Distribution'){ Remove-ADGroupMember -Identity $Group -Members (Get-ADGroupMember -Identity $Group) -Confirm:$False | Move-ADObject -TargetPath $TargetOU } ## Convert non-empty Distribution groups to Security group and move the group to new OU. elseif ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Security'){ Get-ADGroup -Identity $Group | Set-ADGroup -GroupCategory Distribution Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU } }You could however have the
$Groups | Get-ADGroup -Identity $Group -Properties Member,GroupCategory | Select-Object member,groupcategory outside of the foreach statement then use $group.element, to address - but you would need to change the code slightly
