Finding all AD groups someone owns is as easy as:
Get-QADGroup -ManagedBy 'Dmitry Sotnikov'
(Obviously put your name, sAMAccountName, DN, email address or another identifier instead of mine. π )
This is one of the nice little features added in QAD cmdlets 1.3.
One interesting modification of this cmdlet is to look for all groups owned by your reports:
Get-QADGroup -ManagedBy (Get-QADUser -Manager 'Dmitry Sotnikov')
Or with some output:
Get-QADGroup -ManagedBy (Get-QADUser -Manager 'Dmitry Sotnikov') | Format-Table Name, ManagedBy
Now you can see which groups maybe you should no longer manage, or find nice unused groups for some safe experiments. π
I need to clean up over 1000 DL groups and wanted to see if it’s possible to create a script to email each DL owner with the DL and members details to find out if the DL is still in use and needed?
Jose,
Yes, this is absolutely possible. Getting groups is easy with Get-QADGroup. Then you can use the ManagedBy property of the group object to find the owner. I think this will give you the DN, which you can then supply to Get-QADUser to get the actual user object which would have the email address.
For sending email, Send-MailMessage is your friend.
If you get stuck you might want to post additional questions to the forums at http://powergui.org
Dmitry
I’m new to scripting so I was hoping to find a script I can use. Do you know if there’s already such a script I can use?
How would I get the Owner of the DL? Not the Managedby but the Owner
Try to use Get-QADGroup -SecurityMask Owner | Get-QADPermission
I do not have a lab to test this right now, but seems to be the way based on the documentation:
http://wiki.powergui.org/index.php/Get-QADGroup
http://wiki.powergui.org/index.php/Get-QADPermission