Categories

Counting the members of a group

The need for a particular group comes and goes and eventually the group isn’t needed anymore. At that time you have to delete the group but how do you know a group isn’t needed? Probably because its empty and how do you know its empty?

## counts the members of all groups            
##  displays by number of members            
            
"`nMicrosoft"            
$data = @()            
Get-ADGroup -Filter * |             
foreach {            
 $count = (Get-ADGroupMember -Identity $($_.DistinguishedName)).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($_.Name)            
   DistinguishedName = $($_.DistinguishedName)            
   MemberCount = $count            
 }             
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
"`nAD provider"            
$data = @()            
Get-ChildItem -Filter "(objectclass=group)" -Path Ad:\"DC=Manticore,DC=org" -Recurse |            
foreach {             
  $group = [adsi]"LDAP://$($_.DistinguishedName)"            
                
  $count = ($group.Member).Count            
  if ($count -eq $null){$count = 0}            
  $data += New-Object -TypeName PSObject -Property @{            
    Name = $($group.Name)            
    DistinguishedName = $($group.distinguishedName)            
    MemberCount = $count            
  }            
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
"`nQuest"            
$data = @()            
Get-QADGroup |             
foreach {            
 $count = (Get-QADGroupMember -Identity $($_.DN)).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($_.Name)            
   DistinguishedName = $($_.DN)            
   MemberCount = $count            
 }             
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
            
"`nScript"            
$data = @()            
$root = [ADSI]""            
$search = [adsisearcher]$root            
$search.Filter = "(objectclass=group)"            
$search.SizeLimit = 3000            
$search.FindAll() |            
foreach {            
 $group = $_.GetDirectoryEntry()              
             
 $count = ($group.Member).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($group.Name)            
   DistinguishedName = $($group.distinguishedName)            
   MemberCount = $count            
}            
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            


 



Conceptually all of the solutions are the same – find all the groups in the domain, and count the number of members. The cmdlet solutions are similar as are the script and the provider.



In my testing the script and provider were much faster than the cmdlets

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>