In this post I will share a short bit of PowerShell to discover empty, used Active Director groups.
This post will be short and to the point!
Pre-requisites
Before you can use the Active Directory Cmdlets you will either need the to install the RSAT tools or run the below PowerShell on on Domain Controller. Y
ou can read more about Active Directory Administration with Windows PowerShell here https://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx
The Script
Amend the Export-Csv path as required.
Import-Module activedirectory
Get-ADGroup -Filter * -Properties Members | Where {-not $_.members} | select Name | Export-Csv D:\EmptyADGroups.csv –NoTypeInformation
As you can see the script is very short, it simply finds all groups with no members and exports to the CSV file, D:\EmptyADGroups.csv in this example but change that path as required.
If you wanted to check the members of a particular group you could use
Get-ADGroup '<group name>' | Get-Member
Alternative VBS Method
If you would prefer to use VBS take a look at the below link for an alternative method.