Quicktip: Group queries via Powershell

These are mainly for me and my notes, but putting them out here in case anyone needs them. Requires Quest AD Management Powershell tools.

get-qadgroup -sizelimit 1000000|where-object {$_.mail -ne $null}|where-object {$_.grouptype -eq 'Security'}|select-object name,managedby,mail,GroupScope,grouptype,description|export-csv d:\MailEnabledSecurity.csv

Let’s deconstruct this:

get-qadgroup: get’s the AD group using Quest. You can also use get-adgroup, but some functions don’t work right.

-sizelimit 1000000: basically means I’m lazy and just saying give me them all since by default it limits you to only so many results

|where-object {$_mail -ne $null}: So take the list of all the groups you just pulled from AD, now only give me the ones that have an email address listed.

|where-object {$_.grouptype -eq “Security”}: I’ve added this because I want to know if I have any mail enabled Security groups. This is either good or bad depending on your environment.

|select-object name,managedby,mail,GroupScope,grouptype,description: These are the fields I want.

|export-csv d:\MailEnabledSecurity.csv: export the results to a CSV

**The reason I ran this all one one line of code was because I was getting weird results with the export if I tried to store these in variables because some of those fields like description can be null.

Another one:

get-qadgroup -sizelimit 1000000|where-object {$_.grouptype -eq 'Distribution'}|where-object {$_.groupscope -ne 'Universal'}|select-object name,managedby,mail,GroupScope,grouptype,description |export-csv d:\NotUniversalDL.csv

Basically the same as the previous one, except checking if a Group is a Distribution group, and is NOT a Universal group. This can give us some issues when we ADMT them later.

Want one more?

import-csv d:\deletedgroups.csv|get-qadgroup -identity {$_.cn}|select-object name,managedby,mail,groupscope,grouptype,description|export-csv d:\groupstodelete.csv –notype

The difference with this one is that I don’t want all groups. I only want specific groups that I’ve saved previously to a CSV. After we do the import the key with this one is that I only care about the one column – CN – and you’d think I could just do get-qadgroup|select… but it didn’t like the implied Identity. Ultimately I had to explicitly say -identity {$_.cn}. The brackets were the weird qualifier there as normally I would just do $_.cn, but that didn’t work either.


