PowerShell Tip of the Week: Get duplicated AD groups

In this post, I want to share a simple method to find duplicated Active Directory objects.

Get-ADGroup

Recently I was looking for duplicated groups. I was using one of the ActiveDirectory module commands and a simple filter to find all groups.

The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from Active Directory.

The Identity parameter specifies the Active Directory group to get. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name, or canonical name. You can also specify a group object variable, such as $<localGroupObject>.

    # Active Directory query params
    $Params = @{
        Filter     = "*"
        Server     = ($env:LOGONSERVER -replace "\\",'')
        Properties = 'Mail'
    }

    # Get AD groups
    $ADGroups = Get-ADGroup @Params | Select-Object $Params.properties

The next step was to filter results and remove those groups where the mail attribute was empty.

    # Filtering groups
    $EmptyFiltered = $ADGroups | Where-Object { $_.mail.Length -gt 1 }

To scan results and find duplicates I run this simple lookup script:

  
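    # Add() throws when the key already exists, so every address that
    # reaches the Catch block has been seen before
    $Hashtable  = [ordered]@{ }
    $Duplicates = @()
    foreach ($item in $EmptyFiltered.mail){
        Try{
            $Hashtable.add($item, 0)
        }
        Catch [System.Management.Automation.MethodInvocationException]{
            $Duplicates += $item
        }
    }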

Duplicated AD groups

Below you can find the final script that will:

  • Get all Active Directory groups
  • Filter results to remove empty values
  • Run lookup script to find duplicates
  • Display results in the console

    # Getting AD Groups ################################################################
    Try{
        # Active Directory query params
        $Params = @{
                Filter       = "*"
                Server       = ($env:LOGONSERVER -replace "\\",'')
                Properties   = 'Mail'
        } 

        # Get AD groups
        $ADGroups = Get-ADGroup @Params | Select-Object $Params.properties

        # Filtering groups
        $EmptyFiltered = $ADGroups | Where-Object { $_.mail.Length -gt 1 }                                                                

        # Remove variables
        Remove-Variable ADGroups
        [System.GC]::Collect()      
    }
    Catch{
        $_.Exception.Message
        Read-Host 'Press enter to close the window'
        Exit
    }


    # Get AD duplicated groups #########################################################   
    $Hashtable  = [ordered]@{ }
    $Duplicates = @()
    foreach ($item in $EmptyFiltered.mail){
        Try{
            $Hashtable.add($item, 0)
        }
        Catch [System.Management.Automation.MethodInvocationException]{
            $Duplicates += $item
        }
    }


    # Duplicated groups results ######################################################### 
    If($Duplicates){
        $Duplicates
    }
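
The final script prints only the duplicated mail values, and an address shared by three groups is listed twice. As an added example (not part of the original post), the function below groups on the mail attribute and reports which groups share each address; `Get-DuplicateMailGroup` is a hypothetical name and the input is constructed sample data standing in for `Get-ADGroup` output.

```powershell
# Added example. Get-DuplicateMailGroup is a hypothetical helper name.
function Get-DuplicateMailGroup {
    [CmdletBinding()]
    param(
        # Group objects exposing Name and Mail, e.g. from Get-ADGroup -Properties Mail
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject[]]$Group
    )
    begin { $withMail = [System.Collections.Generic.List[psobject]]::new() }
    process {
        foreach ($g in $Group) {
            # Skip groups without a mail value; normalise case and whitespace
            # so 'Sales@example.com ' and 'sales@example.com' compare equal
            if (-not [string]::IsNullOrWhiteSpace($g.Mail)) {
                $withMail.Add([pscustomobject]@{
                    Name = $g.Name
                    Mail = ([string]$g.Mail).Trim().ToLowerInvariant()
                })
            }
        }
    }
    end {
        # One output object per address that is used by more than one group
        $withMail | Group-Object -Property Mail |
            Where-Object Count -gt 1 |
            ForEach-Object {
                [pscustomobject]@{
                    Mail   = $_.Name
                    Count  = $_.Count
                    Groups = $_.Group.Name
                }
            }
    }
}

# Constructed sample data standing in for Get-ADGroup output
$sample = @(
    [pscustomobject]@{ Name = 'Sales-EU';   Mail = 'sales@example.com' }
    [pscustomobject]@{ Name = 'Sales-Old';  Mail = 'Sales@example.com ' }
    [pscustomobject]@{ Name = 'Sales-Copy'; Mail = 'sales@example.com' }
    [pscustomobject]@{ Name = 'HelpDesk';   Mail = 'helpdesk@example.com' }
    [pscustomobject]@{ Name = 'Domain-Ops'; Mail = $null }
)

$sample | Get-DuplicateMailGroup | Format-Table -AutoSize
```

Against a live domain the same function can take `Get-ADGroup -Filter * -Properties Mail` as its pipeline input.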

I hope this was informative for you 🙂 See you in the next articles.
