Finding all groups that contain the same members in Active Directory

Active Directory users are put into groups for categorization and access privilege purposes. However, as an organization grows, there may be instances of repetition of groups, or an administrator may be required to monitor the groups that a specific user is present in. Manual search in this case is time-consuming, so administrators turn to PowerShell.

 

Using PowerShell,  it is possible to identify the groups that have the same members using the adsisearcher commandlet. Here's the script:

 

1. $Searcher = [adsisearcher]'(member=*)'
2. $Searcher.PageSize = 500
3. $Searcher.FindAll() |  ForEach-Object {
4.  
5.     New-Object -TypeName PSCustomObject -Property @{
6.         DistinguishedName = $_.Properties.distinguishedname[0]
7.         Member = $_.Properties.member -join ';'
8.     }
9.  
10. } | Group-Object -Property member |
11. Where-Object {$_.Count -gt 1} |
12. Sort-Object -Property Count -Descending

• Related Articles

• Identifying Active Directory built-in groups

  An Active Directory (AD) environment will contain a set of groups by default when a domain is created. These groups are built-in groups, and they are located in the built-in container. The built-in groups can be used to control access to shared ...

• How to add/remove Active Directory users to Active Directory groups using PowerShell

  Active Directory is a powerful tool for managing users and groups in a Windows environment. One of the most often-repeated tasks for administrators is to add or remove users from Active Directory groups. In this article, we will explore how to ...

• How to create and manage Microsoft 365 groups with PowerShell

  Introduction: Microsoft 365 Groups is a collaboration feature that allows users to work together and share resources such as calendars, files, and email messages. Microsoft 365 Groups can be created and managed using the Microsoft 365 admin center, ...

• Monitoring Active Directory Group Membership Changes

  For security reasons, users in an Active Directory (AD) network would be put in groups, and they will be granted or denied certain privileges according to the groups they belong to. This is done so that users do not have unnecessary access to ...

• Generate an Activity Report for Microsoft 365 Groups and Teams

  Introduction The activity reports available for Microsoft 365 groups and Teams can be beneficial for administrators in an organization. Microsoft 365 teams group activity reports provide insight into group activities, group workloads, group counts, ...