Detect empty ActiveDirectory groups

Tue Mar 09 2021
powershellactivedirectorywindows
$FilterGroups = { $_.Members.Count -eq 0 -and `
    $_.DistinguishedName -notlike '*CN=Builtin,*' -and `
    $_.DistinguishedName -notlike '*CN=Users,*' -and `
    $_.DistinguishedName -notlike '*OU=Microsoft Exchange Security Groups,*' -and `
    $_.DistinguishedName -notlike '*OU=Microsoft Exchange System Objects,*' }

$PropertyOU = @{N = 'OU'; E = { ($_.DistinguishedName -split ',' | Select-Object -Skip 1) -join ',' } }

$ADGroups = Get-ADGroup -Filter * -Properties members

$ADGroups | `
    Where-Object $FilterGroups | `
    Select-Object Name, GroupCategory, GroupScope, $PropertyOU | `
    Out-GridView