Getting stats on AD Groups

Sup’ PSHomies,

Did you ever had the need to “know” just who are members of a specific group and more importantly, if they were users or groups… Maybe I can assist… 😉

To distinguish between a user or group use Get-ADUser / Get-ADGroup. Get-ADUser will process None or Microsoft.ActiveDirectory.Management.ADUser only objects. The same goes for Get-ADGroup. Either None or Microsoft.ActiveDirectory.Management.ADGroup only objects will be processed.

With this info we can now process the AD Group to get just who is a member and what is their object class.

	#region Get AD Group stats
	#Specify ADGroup(s) using like
	$groupName = 'DAT_ICT*'
	$adGroup = Get-ADGroup -Filter { Name -like $groupName} |
	Foreach-Object {
	[PSCustomObject]@{
	Group = $_
	GroupMembers = Get-ADGroup -Filter { memberOf -eq $_.DistinguishedName }
	UserMembers = Get-ADUser -Filter { memberOf -eq $_.DistinguishedName }
	UserMembersRecursive = Get-ADGroup -Filter { memberOf -eq $_.DistinguishedName } |
	ForEach-Object{
	Get-ADGroupMember -Identity $_ -Recursive
	}
	GroupMemberOf = Get-ADGroup -Filter { members -eq $_.DistinguishedName }
	}
	}
	#Get Count of the ADGroup(s)
	$adGroupMembersCount = $adGroup |
	ForEach-Object{
	[PSCustomObject]@{
	Group = $_.Group.Name
	countGroupMembers = @($_.GroupMembers).Count
	countUserMembers = @($_.UserMembers).Count
	countUserMembersRecursiveUnique = @($_.UserMembersRecursive | Select-Object -Unique ).Count
	countGroupMembersOf = @($_.GroupMemberOf).Count
	}
	}
	#endregion

view raw Get-ADGroupStats.ps1 hosted with ❤ by GitHub

I opted for a specific AD Group name pattern. Feel free to refactor to your needs! Depending on your AD size it may take a while if you decide to retrieve all AD Groups…

Hope it’s worth something to you,

Ttyl,

Urv