This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Empty AD Groups
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-28-2016 05:00 PM
I know I can query for a list of users in an Active Directory group but can I get a list of groups in Active Directory that have no users?
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-30-2016 01:38 PM
I deleted your other post, as it appeared to be a duplicate of this one. I've included a sample report below that you can add to your installation by following these instructions.
Select Distinct Top 1000000 tblADGroups.Name As ADGroupName,
tblADGroups.Description As ADGroupDescription,
Case tblADGroups.GroupType When -2147483646 Then 'security - global'
When -2147483644 Then 'security - local' When -2147483643 Then 'built-in'
When -2147483640 Then 'security - universal'
When 2 Then 'distribution - global' When 4 Then 'distribution - local'
When 8 Then 'distribution - universal' End As ADGroupType
From tblADMembership
Right Join tblADGroups On tblADMembership.ParentAdObjectID =
tblADGroups.ADObjectID
Left Join tblADusers
On tblADusers.ADObjectID = tblADMembership.ChildAdObjectID
Where (tblADusers.ADObjectID Is Null) Or
(tblADusers.ADObjectID = '')
Order By ADGroupName
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-17-2017 12:23 PM
Hi Susan,
This report is already very helpful, but in our situation we also have groups being member of a group.
I'd like to filter these out as well, but cannot figure out how.
As far as I have seen, LANsweeper needs at least a computer or user to be involved in a group to 'recognize' it.
Is the above possible?
This report is already very helpful, but in our situation we also have groups being member of a group.
I'd like to filter these out as well, but cannot figure out how.
As far as I have seen, LANsweeper needs at least a computer or user to be involved in a group to 'recognize' it.
Is the above possible?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-02-2016 09:43 PM
Hello,
I noticed this shows empty OU's based on no users, I have several groups that contain computer objects in them and this report shows them as empty.
Can the report be adjusted to show empty, as in absolutely no objects with in them?
I noticed this shows empty OU's based on no users, I have several groups that contain computer objects in them and this report shows them as empty.
Can the report be adjusted to show empty, as in absolutely no objects with in them?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-16-2016 09:14 PM
SysIT wrote:
Hello,
I noticed this shows empty OU's based on no users, I have several groups that contain computer objects in them and this report shows them as empty.
Can the report be adjusted to show empty, as in absolutely no objects with in them?
I've included a sample report below that lists completely empty groups (no users and no computers).
Select Distinct Top 1000000 tblADGroups.Name As ADGroupName,
tblADGroups.Description As ADGroupDescription,
Case tblADGroups.GroupType When -2147483646 Then 'security - global'
When -2147483644 Then 'security - local' When -2147483643 Then 'built-in'
When -2147483640 Then 'security - universal'
When 2 Then 'distribution - global' When 4 Then 'distribution - local'
When 8 Then 'distribution - universal' End As ADGroupType
From tblADMembership
Right Join tblADGroups On tblADMembership.ParentAdObjectID =
tblADGroups.ADObjectID
Left Join tblADusers
On tblADusers.ADObjectID = tblADMembership.ChildAdObjectID
Left Join tblADMembership tblADMembership1
On tblADMembership1.ParentAdObjectID = tblADGroups.ADObjectID
Left Join tblADComputers On tblADComputers.ADObjectID =
tblADMembership1.ChildAdObjectID
Where (tblADusers.ADObjectID Is Null Or tblADusers.ADObjectID = '') And
(tblADComputers.ADObjectID Is Null Or tblADComputers.ADObjectID = '')
Order By ADGroupName
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-30-2016 01:38 PM
I deleted your other post, as it appeared to be a duplicate of this one. I've included a sample report below that you can add to your installation by following these instructions.
Select Distinct Top 1000000 tblADGroups.Name As ADGroupName,
tblADGroups.Description As ADGroupDescription,
Case tblADGroups.GroupType When -2147483646 Then 'security - global'
When -2147483644 Then 'security - local' When -2147483643 Then 'built-in'
When -2147483640 Then 'security - universal'
When 2 Then 'distribution - global' When 4 Then 'distribution - local'
When 8 Then 'distribution - universal' End As ADGroupType
From tblADMembership
Right Join tblADGroups On tblADMembership.ParentAdObjectID =
tblADGroups.ADObjectID
Left Join tblADusers
On tblADusers.ADObjectID = tblADMembership.ChildAdObjectID
Where (tblADusers.ADObjectID Is Null) Or
(tblADusers.ADObjectID = '')
Order By ADGroupName
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Office 365: Users With License in General Discussions
- The installed software is Empty in General Discussions
- Asset Group - Unable to Edit or Delete a Particular Group in General Discussions
- LSAgent and remote Active Directory scan in General Discussions
- Subgroup in Asset Groups in General Discussions
