The below is a great little VBS script to find all empty Active Directory groups in the current domain.
Usage
cscript c:\Find_Empty_AD_Groups.vbs //nologo
The empty AD groups will be listed in your command prompt window.
The Script
'Define Constants
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
'Set Variables
DQ = Chr(34) 'Double Quote
'Create Objects
Set objShell = CreateObject("Wscript.Shell")
'Verifies script was run using CSCRIPT, and if not relauches it using CSCRIPT
If Not WScript.FullName = WScript.Path & "\cscript.exe" Then
objShell.Popup "Launched using wscript. Relaunching...", 5, "WSCRIPT"
objShell.Run "cmd.exe /k " & WScript.Path & "\cscript.exe //NOLOGO " & _
DQ & WScript.scriptFullName & DQ, 1, False
WScript.Quit 0
End If
'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")
'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT ADsPath,cn,member FROM '" & strADsPath & _
"'" & " WHERE objectClass='group'"
Set objRecordSet = objCommand.Execute
If objRecordSet.EOF Then
WScript.echo "Error, no groups found"
WScript.quit
Else
WScript.Echo "List of empty groups"
WScript.Echo "============================================================="
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strGroupName = objRecordSet.Fields("ADsPath").Value
strCN = objRecordSet.Fields("cn").Value
arrMembers = objRecordSet.Fields("member").Value
If IsNull(arrMembers) Then
'The group has no members
'Show the Common name
WScript.Echo strCN
'To show the Distinguished name
'WScript.Echo strGroupName
End If
objRecordSet.MoveNext
Loop
End If
WScript.Echo "Script has finished"
Alternative PowerShell Method
If you would prefer to use PowerShell take a look at the below link for an alternative method.
Thank you, script works great.
Glad I could help
Hello mate, thanks first for your effort, however I would need your assistance to find the results, any idea how to export it to an excel file or so?
Regards
Hi and welcome, the below modified script will output to a csv file called Empty_AD_Groups_Report.csv which will be saved in the same location as where the script is run from.
If you want a proper Excel file with formatting etc take a look here https://geekshangout.com/an-example-of-using-a-vbs-script-to-create-populate-and-format-an-excel-document/
I hope this helps?
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
'Set Variables
DQ = Chr(34) 'Double Quote
'Create Objects
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Create the output file
currentScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
reportFile = currentScriptPath & "Empty_AD_Groups_Report.csv"
Set objReportFile = objFSO.OpenTextFile(reportFile, ForWriting, True, True)
'Verifies script was run using CSCRIPT, and if not relauches it using CSCRIPT
If Not WScript.FullName = WScript.Path & "\cscript.exe" Then
objShell.Popup "Launched using wscript. Relaunching…", 5, "WSCRIPT"
objShell.Run "cmd.exe /k " & WScript.Path & "\cscript.exe //NOLOGO " & _
DQ & WScript.scriptFullName & DQ, 1, False
WScript.Quit 0
End If
'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")
'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT ADsPath,member FROM '" & strADsPath & _
"'" & " WHERE objectClass='group'"
Set objRecordSet = objCommand.Execute
If objRecordSet.EOF Then
WScript.echo "Error, no groups found"
WScript.quit
Else
objReportFile.Write("List of empty groups")
objReportFile.Write("=============================================================")
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strGroupName = objRecordSet.Fields("ADsPath").Value
arrMembers = objRecordSet.Fields("member").Value
If IsNull(arrMembers) Then
objReportFile.Write(strGroupName)
End If
objRecordSet.MoveNext
Loop
End If
'Close the file
objReportFile.Close
WScript.Echo "Script has finished"
Hi,
When i run this script i get a error saying An invalid Directory Pathname was Passed. Any clue what im doing wrong? I am a bit of a noob so might not be editing it correctly.
Cheers,
Ryan