AD group clean up Powershell HELP!

Max Patel 1 Reputation point
2021-05-24T15:45:18.073+00:00

Could someone please help with the if, if, elseif statement below? Sorry, but I'm new to PowerShell and trying to make this work.

This is what I'm trying to accomplish. Read the list of groups from file and..

1. if the group is empty move it to target OU.
2. if the group is non-empty and is a Distribution group, remove all members then move it to target OU.
3. if the group is non-empty and is a Security group, convert it to a Distribution group then move it to target OU.

$Groups = Get-Content -Path c:\ADGroupsMemberExport.txt
$TargetOU = "OU=_UnusedADGroups,DC=test,DC=local"

foreach ($Group in $Groups) {


$Groups | Get-ADGroup -Properties Member,GroupCategory | Select-Object member,groupcategory

##Move all Distribution or Security Groups that are empty to new OU.

if ($_.members.count -eq 0){
Get-ADGroup -Identity $Group | Move-ADObject -TargetPath $TargetOU
Write-Host "$Group is empty!" -ForegroundColor green

}
##Remove members from non-empty Distribution groups and move the group to new OU.

if ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Distribution'){
{
Remove-ADGroupMember -Identity $Group -Members (Get-ADGroupMember -Identity $Group) -Confirm:$False | Move-ADObject -TargetPath $TargetOU

##Convert non-empty Distribution groups to Security group and move the group to new OU.

elseif ($_.members.count -ne 0 -and $_.GroupCategory -eq 'Security'){
{
Get-ADGroup -Identity $Group | Set-ADGroup -GroupCategory Distribution | Move-ADObject -TargetPath $TargetOU

      }
  }
}

1 answer

  1. Anonymous
    2021-05-25T02:16:40.587+00:00

    Hi,

    I made some modifications to your script. Hope this works for you.

    $Groups = Get-Content -Path c:\ADGroupsMemberExport.txt
    $TargetOU = "OU=_UnusedADGroups,DC=test,DC=local"
    $Groups | Get-ADGroup -Properties Member | ForEach-Object{
        ##Move all Distribution or Security Groups that are empty to new OU.
        if($_.member.count -eq 0) {
            Move-ADObject -Identity $_ -TargetPath $TargetOU
        }
        ##Remove members from non-empty Distribution groups and move the group to new OU.
        elseif ($_.GroupCategory -eq 'Distribution')
        {
            Remove-ADGroupMember -Identity $_ -Members (Get-ADGroupMember -Identity $_) -Confirm:$False -PassThru | Move-ADObject -TargetPath $TargetOU
        }
        ##Convert non-empty Security groups to Distribution groups and move the group to new OU.
        elseif ($_.GroupCategory -eq 'Security')
        {
            Set-ADGroup -Identity $_ -GroupCategory Distribution -PassThru | Move-ADObject -TargetPath $TargetOU
        }
    }
    

    Best Regards,
    Ian Xue
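
The cleanup in this thread empties groups and turns Security groups into Distribution groups, which stops them from granting access through ACLs, so the sketch below (an added example, not code from the question or the answer) records each group's original state before changing it and supports a `-WhatIf` dry run. The function name `Invoke-GroupCleanup`, the `-BackupPath` parameter and the backup file path are assumptions made for illustration.

```powershell
# Added example, not from the thread. Invoke-GroupCleanup and -BackupPath are hypothetical names.
function Invoke-GroupCleanup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ListPath,
        [Parameter(Mandatory)][string]$TargetOU,
        [Parameter(Mandatory)][string]$BackupPath
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($name in (Get-Content -Path $ListPath | Where-Object { $_.Trim() })) {
        try {
            $g = Get-ADGroup -Identity $name.Trim() -Properties Member -ErrorAction Stop
            $members = @($g.Member)   # plain array of member DNs (empty array for an empty group)

            # Snapshot the original DN, category and members so the change can be undone.
            # -WhatIf:$false makes sure the snapshot is written even during a dry run.
            [pscustomobject]@{
                Group      = $g.SamAccountName
                OriginalDN = $g.DistinguishedName
                Category   = $g.GroupCategory
                Members    = $members -join "`n"
            } | Export-Csv -Path $BackupPath -Append -NoTypeInformation -WhatIf:$false

            if ($members.Count -gt 0 -and $g.GroupCategory -eq 'Distribution') {
                if ($PSCmdlet.ShouldProcess($g.DistinguishedName, 'Remove all members')) {
                    Remove-ADGroupMember -Identity $g -Members $members -Confirm:$false -ErrorAction Stop
                }
            }
            elseif ($members.Count -gt 0 -and $g.GroupCategory -eq 'Security') {
                if ($PSCmdlet.ShouldProcess($g.DistinguishedName, 'Convert to Distribution group')) {
                    Set-ADGroup -Identity $g -GroupCategory Distribution -ErrorAction Stop
                }
            }
            # Every listed group ends up in the target OU, empty or not.
            if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "Move to $TargetOU")) {
                Move-ADObject -Identity $g -TargetPath $TargetOU -ErrorAction Stop
            }
        }
        catch {
            # A failed lookup or change skips the rest of the steps for this group only.
            Write-Warning "Skipping '$name': $($_.Exception.Message)"
            continue
        }
    }
}

# Dry run first; the backup CSV path is a constructed sample value. Drop -WhatIf to apply.
Invoke-GroupCleanup -ListPath 'c:\ADGroupsMemberExport.txt' -TargetOU 'OU=_UnusedADGroups,DC=test,DC=local' -BackupPath 'c:\ADGroupsBackup.csv' -WhatIf
```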
