#PSTip Find all groups with same group members in Active Directory

Note: This tip requires PowerShell 2.0 or above.

Today I was asked if there was a way to find out which groups have the same group members. This is possible by processing the results returned by the System.DirectoryServices.DirectorySearcher class, which is available through the [adsisearcher] type accelerator. The following example groups the results by their member list and sorts them by the number of groups that share the same membership:

    # Find every group that has at least one member
    $Searcher = [adsisearcher]'(member=*)'
    $Searcher.PageSize = 500
    $Searcher.FindAll() | ForEach-Object {
        New-Object -TypeName PSCustomObject -Property @{
            DistinguishedName = $_.Properties.distinguishedname[0]
            # Sort the member DNs so the joined string does not depend on the order returned
            Member = ($_.Properties.member | Sort-Object) -join ';'
        }
    } | Group-Object -Property member |
    Where-Object {$_.Count -gt 1} |
    Sort-Object -Property Count -Descending

The output looks similar to this:

    Count Name                      Group
    ----- ----                      -----
       15 CN=Domain Users,CN=Use... {@{distinguishedname=CN=test123...
       13 CN=Domain Users,CN=Use... {@{distinguishedname=CN=test456...

To get the group names and the members, the output from the Group-Object cmdlet should be expanded by utilizing Select-Object -ExpandProperty. This output will be piped to Export-Csv which will generate a report containing all groups in Active Directory that have exactly the same members:


    # Find every group that has at least one member
    $Searcher = [adsisearcher]'(member=*)'
    $Searcher.PageSize = 500
    $Searcher.FindAll() | ForEach-Object {
        New-Object -TypeName PSCustomObject -Property @{
            DistinguishedName = $_.Properties.distinguishedname[0]
            # Sort the member DNs so the joined string does not depend on the order returned
            Member = ($_.Properties.member | Sort-Object) -join ';'
        }
    } | Group-Object -Property member | Where-Object {$_.Count -gt 1} |
    Sort-Object -Property Count -Descending |
    # Expand each set of identical groups into one row per group for the report
    Select-Object -ExpandProperty Group |
    Export-Csv -Path GroupWithIdenticalMembership.csv -NoTypeInformation

The output of this command is as follows:

![](/images/Jaap_AD1.png)
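
An order- and case-insensitive variant of the comparison above, as an added example that is not part of the original tip: it fingerprints each group's normalized member list with SHA-256, so the grouping key stays short and redundant groups are easy to line up in an access review. `Get-MembershipKey` and the sample groups are hypothetical and constructed; in practice the input would come from the `[adsisearcher]` query shown earlier.

```powershell
# Added example: hypothetical helper, not part of the original tip.
function Get-MembershipKey {
    param([string[]]$Member)
    # Lower-case, de-duplicate and sort the DNs so order and case do not matter.
    $normalized = $Member | ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Sort-Object -Unique
    $bytes = [System.Text.Encoding]::UTF8.GetBytes(($normalized -join "`n"))
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Clear() }
}

# Constructed sample data standing in for the searcher results.
$u = 'OU=Staff,DC=example,DC=test'
$g = 'OU=Groups,DC=example,DC=test'
$groups = @(
    (New-Object PSObject -Property @{ DistinguishedName = "CN=HR-Share-RW,$g"
        Member = @("CN=Alice,$u", "CN=Bob,$u") }),
    (New-Object PSObject -Property @{ DistinguishedName = "CN=HR-Printers,$g"
        Member = @("cn=bob,$u", "CN=Alice,$u") }),      # same set, other order/case
    (New-Object PSObject -Property @{ DistinguishedName = "CN=Finance,$g"
        Member = @("CN=Carol,$u") }),
    (New-Object PSObject -Property @{ DistinguishedName = "CN=Empty-A,$g"; Member = @() }),
    (New-Object PSObject -Property @{ DistinguishedName = "CN=Empty-B,$g"; Member = @() })
)

# Entries with an empty member list are skipped first; otherwise they would
# all share one key and be reported as identical to each other.
$duplicates = $groups |
    Where-Object { @($_.Member).Count -gt 0 } |
    ForEach-Object {
        New-Object PSObject -Property @{
            DistinguishedName = $_.DistinguishedName
            MemberCount       = @($_.Member).Count
            MembershipKey     = Get-MembershipKey -Member $_.Member
        }
    } |
    Group-Object -Property MembershipKey |
    Where-Object { $_.Count -gt 1 }

# One row per group; rows that share a MembershipKey have the same members.
$duplicates | ForEach-Object { $_.Group } |
    Select-Object MembershipKey, MemberCount, DistinguishedName
```

With the sample data only the two HR groups are listed, because their member sets match once order and case are normalized.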
            
            


