Counting the members of a group

The need for a particular group comes and goes and eventually the group isn’t needed anymore. At that time you have to delete the group but how do you know a group isn’t needed? Probably because its empty and how do you know its empty?

## counts the members of all groups            
##  displays by number of members            
            
"`nMicrosoft"            
$data = @()            
Get-ADGroup -Filter * |             
foreach {            
 $count = (Get-ADGroupMember -Identity $($_.DistinguishedName)).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($_.Name)            
   DistinguishedName = $($_.DistinguishedName)            
   MemberCount = $count            
 }             
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
"`nAD provider"            
$data = @()            
Get-ChildItem -Filter "(objectclass=group)" -Path Ad:\"DC=Manticore,DC=org" -Recurse |            
foreach {             
  $group = [adsi]"LDAP://$($_.DistinguishedName)"            
                
  $count = ($group.Member).Count            
  if ($count -eq $null){$count = 0}            
  $data += New-Object -TypeName PSObject -Property @{            
    Name = $($group.Name)            
    DistinguishedName = $($group.distinguishedName)            
    MemberCount = $count            
  }            
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
"`nQuest"            
$data = @()            
Get-QADGroup |             
foreach {            
 $count = (Get-QADGroupMember -Identity $($_.DN)).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($_.Name)            
   DistinguishedName = $($_.DN)            
   MemberCount = $count            
 }             
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            
            
            
"`nScript"            
$data = @()            
$root = [ADSI]""            
$search = [adsisearcher]$root            
$search.Filter = "(objectclass=group)"            
$search.SizeLimit = 3000            
$search.FindAll() |            
foreach {            
 $group = $_.GetDirectoryEntry()              
             
 $count = ($group.Member).Count            
 if ($count -eq $null){$count = 0}            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $($group.Name)            
   DistinguishedName = $($group.distinguishedName)            
   MemberCount = $count            
}            
}            
$data | sort MemberCount -Descending | Format-Table -AutoSize            

 

Conceptually all of the solutions are the same – find all the groups in the domain, and count the number of members. The cmdlet solutions are similar as are the script and the provider.

In my testing the script and provider were much faster than the cmdlets

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

4 Responses to Counting the members of a group

  1. Eric says:

    I use the following QAD command which gives me same result, but is more quicker because it doesn’t need Get-QADGroupMember:
    Get-QADGroup -SizeLimit 0 | Format-Table name, DN, {$_.members.count}

  2. DOnald Hart says:

    I have found that this does not work if memvoership is over 1500.
    Any sugestions why

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s