Forum Discussion

Gujumax's avatar
Gujumax
Copper Contributor
May 24, 2021

Powershell help with AD Groups

I'm trying to read from file for group that have 0 members and is a Distribution group. Any help is appreciated. If I could get this working I should be good for the other peices. I tried this but ...
Windows PowerShell
windows server
SteveMacNZ's avatar
SteveMacNZ
Iron Contributor
May 24, 2021

Gujumax 

you were very close - your Where-Object statement was incorrect

 

Get-ADGroup -Filter $Groups -Properties Member,GroupCategory | Where-Object {$_.Members.count -eq 0 -and $_.GroupCategory -eq 'Distribution'}

 

  • Gujumax's avatar
    Gujumax
    Copper Contributor
    May 24, 2021

    Could someone help with the if, if, elseif statement below?

    This is what I'm trying to accomplish.

    1. if the group is empty move it to target OU.
    2. if the group is non-empty and is a Distribution group, remove all members then move it to target OU.
    3. if the group is non-empty and is a Security group, convert it to a Distribution group then move it to target OU.

    foreach ($Group in $Groups) {


    $Groups | Get-ADGroup -Properties Member,GroupCategory | Select-Object member,groupcategory

    ## Move all Distribution or Security Groups that are empty to new OU.

    if ($_.members.count -eq 0){
    Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
    Write-Host "$Group is empty!" -ForegroundColor green

    }
    ## Remove members from non-empty Distribution groups and move the group to new OU.

    if ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Distribution'){
    {
    Remove-ADGroupMember -Identity $Group -Members (Get-ADGroupMember -Identity $Group) -Confirm:$False | Move-ADObject -TargetPath $TargetOU

    ## Convert non-empty Distribution groups to Security group and move the group to new OU.

    elseif ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Security'){
    {
    Get-ADGroup -Identity $Group | Set-ADGroup -GroupCategory Distribution
    Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU


    }
    }
    }

    • SteveMacNZ's avatar
      SteveMacNZ
      Iron Contributor
      May 24, 2021

      Gujumax 

       

      Be careful with your { use, also indent your code it helps with picking the that {} are in the right place. Also because you are using a foreach loop you do not need to pipe $Groups to Get-ADGroup each time, you only need to do it for group you are currently working with

       

       

      foreach ($Group in $Groups) {
    Get-ADGroup -Identity $Group -Properties Member,GroupCategory | Select-Object member,groupcategory

    ## Move all Distribution or Security Groups that are empty to new OU.
    if ($_.members.count -eq 0){
        Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
        Write-Host "$Group is empty!" -ForegroundColor green
    }

    ## Remove members from non-empty Distribution groups and move the group to new OU.
    if ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Distribution'){
        Remove-ADGroupMember -Identity $Group -Members (Get-ADGroupMember -Identity $Group) -Confirm:$False | Move-ADObject -TargetPath $TargetOU
    }

    ## Convert non-empty Distribution groups to Security group and move the group to new OU.
    elseif ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Security'){
        Get-ADGroup -Identity $Group | Set-ADGroup -GroupCategory Distribution
        Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
    }
}

       

       

      You could however have the 

       $Groups | Get-ADGroup -Identity $Group -Properties Member,GroupCategory | Select-Object member,groupcategory outside of the foreach statement then use $group.element, to address - but you would need to change the code slightly 

       

Resources