I'm trying to get all AD groups that have a blank Managed By Name and the description of the AD group. I'm currently having issues with displaying no results using my filter, but am not sure why. Any help is appreciated.
Get-ADGroup -filter * | Where-Object {$_.ManagedBy -eq ""} | Select-Object manager,description | Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
The current script is not showing any users which it should be showing several users
The problem is that Get-ADGroup does not return an object with the ManagedBy attribute by default, you need to ask for it (-Properties ManagedBy):
Get-ADGroup -Filter * -Properties ManagedBy, Manager, Description |
Where-Object {-not $_.ManagedBy } | Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
However, this operation is quite inefficient, you can use LDAP filtering capabilities for this:
Get-ADGroup -LDAPFilter "(!managedby=*)" -Properties Manager, Description |
Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
As a side note, Where-Object { $_.ManagedBy -eq "" } is likely to not return any results, you would be querying for AD Groups where their ManagedBy attribute is set and it's value is equal to an emptry string instead of filtering for groups that don't have the attribute set or it's value is $null or empty string ({-not $_.ManagedBy }):
$null -eq '' # => False: comparison fails here
-not $null # => True
-not '' # => True
The below article explains the steps with examples. Using the LDAPfilter will be a better way to do it, as it will be more efficient especially in a large organization with thousands of AD groups.
